]> andersk Git - openssh.git/blame - ChangeLog
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (djm) Sync scard/ stuff
[openssh.git] / ChangeLog
CommitLineData
0e0144b7 120010915
2 - (djm) Make do_pre_login static to avoid prototype #ifdef hell
0fd6c7a9 3 - (djm) Sync scard/ stuff
0e0144b7 4
dcf29cf8 520010914
6 - (bal) OpenBSD CVS Sync
7 - markus@cvs.openbsd.org 2001/09/13
8 [rijndael.c rijndael.h]
9 missing $OpenBSD
fd022eed 10 - markus@cvs.openbsd.org 2001/09/14
11 [session.c]
12 command=xxx overwrites subsystems, too
9658ecbc 13 - markus@cvs.openbsd.org 2001/09/14
14 [sshd.c]
15 typo
fd022eed 16
88c3bfe0 1720010913
18 - (bal) OpenBSD CVS Sync
19 - markus@cvs.openbsd.org 2001/08/23 11:31:59
20 [cipher.c cipher.h]
21 switch to the optimised AES reference code from
22 http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
23
5c53a31e 2420010912
25 - (bal) OpenBSD CVS Sync
26 - jakob@cvs.openbsd.org 2001/08/16 19:18:34
27 [servconf.c servconf.h session.c sshd.8]
28 deprecate CheckMail. ok markus@
54bf768d 29 - stevesk@cvs.openbsd.org 2001/08/16 20:14:57
30 [ssh.1 sshd.8]
31 document case sensitivity for ssh, sshd and key file
32 options and arguments; ok markus@
6d7b3036 33 - stevesk@cvs.openbsd.org 2001/08/17 18:59:47
34 [servconf.h]
35 typo in comment
ae897d7c 36 - stevesk@cvs.openbsd.org 2001/08/21 21:47:42
37 [ssh.1 sshd.8]
38 minor typos and cleanup
c78e5800 39 - stevesk@cvs.openbsd.org 2001/08/22 16:21:21
40 [ssh.1]
41 hostname not optional; ok markus@
9495bfc5 42 - stevesk@cvs.openbsd.org 2001/08/22 16:30:02
43 [sshd.8]
44 no rexd; ok markus@
29999e54 45 - stevesk@cvs.openbsd.org 2001/08/22 17:45:16
46 [ssh.1]
47 document cipher des for protocol 1; ok deraadt@
8fbc356d 48 - camield@cvs.openbsd.org 2001/08/23 17:59:31
49 [sshd.c]
50 end request with 0, not NULL
51 ok markus@
d866473d 52 - stevesk@cvs.openbsd.org 2001/08/23 18:02:48
53 [ssh-agent.1]
54 fix usage; ok markus@
75304f85 55 - stevesk@cvs.openbsd.org 2001/08/23 18:08:59
56 [ssh-add.1 ssh-keyscan.1]
57 minor cleanup
b7f79e7a 58 - danh@cvs.openbsd.org 2001/08/27 22:02:13
59 [ssh-keyscan.c]
60 fix memory fault if non-existent filename is given to the -f option
61 ok markus@
14e4a15f 62 - markus@cvs.openbsd.org 2001/08/28 09:51:26
63 [readconf.c]
64 don't set DynamicForward unless Host matches
e591b98a 65 - markus@cvs.openbsd.org 2001/08/28 15:39:48
66 [ssh.1 ssh.c]
67 allow: ssh -F configfile host
46660a9e 68 - markus@cvs.openbsd.org 2001/08/29 20:44:03
69 [scp.c]
70 clear the malloc'd buffer, otherwise source() will leak malloc'd
71 memory; ok theo@
e675b851 72 - stevesk@cvs.openbsd.org 2001/08/29 23:02:21
73 [sshd.8]
74 add text about -u0 preventing DNS requests; ok markus@
4c780c2a 75 - stevesk@cvs.openbsd.org 2001/08/29 23:13:10
76 [ssh.1 ssh.c]
77 document -D and DynamicForward; ok markus@
d2e3df16 78 - stevesk@cvs.openbsd.org 2001/08/29 23:27:23
79 [ssh.c]
80 validate ports for -L/-R; ok markus@
70068acc 81 - stevesk@cvs.openbsd.org 2001/08/29 23:39:40
82 [ssh.1 sshd.8]
83 additional documentation for GatewayPorts; ok markus@
ad3e169f 84 - naddy@cvs.openbsd.org 2001/08/30 15:42:36
85 [ssh.1]
86 add -D to synopsis line; ok markus@
3a8aabf0 87 - stevesk@cvs.openbsd.org 2001/08/30 16:04:35
88 [readconf.c ssh.1]
89 validate ports for LocalForward/RemoteForward.
90 add host/port alternative syntax for IPv6 (like -L/-R).
91 ok markus@
ed787d14 92 - stevesk@cvs.openbsd.org 2001/08/30 20:36:34
93 [auth-options.c sshd.8]
94 validate ports for permitopen key file option. add host/port
95 alternative syntax for IPv6. ok markus@
4278ff63 96 - markus@cvs.openbsd.org 2001/08/30 22:22:32
97 [ssh-keyscan.c]
98 do not pass pointers to longjmp; fix from wayne@blorf.net
6b759005 99 - markus@cvs.openbsd.org 2001/08/31 11:46:39
100 [sshconnect2.c]
93111dfa 101 disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST
102 messages
103 - stevesk@cvs.openbsd.org 2001/09/03 20:58:33
104 [readconf.c readconf.h ssh.c]
105 fatal() for nonexistent -Fssh_config. ok markus@
91789042 106 - deraadt@cvs.openbsd.org 2001/09/05 06:23:07
107 [scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
108 avoid first person in manual pages
3a222388 109 - stevesk@cvs.openbsd.org 2001/09/12 18:18:25
110 [scp.c]
111 don't forward agent for non third-party copies; ok markus@
5c53a31e 112
c6ed03bd 11320010815
114 - (bal) Fixed stray code in readconf.c that went in by mistake.
65e683bd 115 - OpenBSD CVS Sync
116 - markus@cvs.openbsd.org 2001/08/07 10:37:46
117 [authfd.c authfd.h]
118 extended failure messages from galb@vandyke.com
c7f89f1f 119 - deraadt@cvs.openbsd.org 2001/08/08 07:16:58
120 [scp.1]
121 when describing the -o option, give -o Protocol=1 as the specific example
122 since we are SICK AND TIRED of clueless people who cannot have difficulty
123 thinking on their own.
f2f1bedd 124 - markus@cvs.openbsd.org 2001/08/08 18:20:15
125 [uidswap.c]
126 permanently_set_uid is a noop if user is not privilegued;
127 fixes bug on solaris; from sbi@uchicago.edu
58df8789 128 - markus@cvs.openbsd.org 2001/08/08 21:34:19
129 [uidswap.c]
130 undo last change; does not work for sshd
c3abff07 131 - jakob@cvs.openbsd.org 2001/08/11 22:51:27
132 [ssh.c tildexpand.c]
133 fix more paths beginning with "//"; <bradshaw@staff.crosswalk.com>.
134 ok markus@
4fa5a4db 135 - stevesk@cvs.openbsd.org 2001/08/13 23:38:54
136 [scp.c]
137 don't need main prototype (also sync with rcp); ok markus@
68874d2b 138 - markus@cvs.openbsd.org 2001/08/14 09:23:02
139 [sftp.1 sftp-int.c]
140 "bye"; hk63a@netscape.net
38539909 141 - stevesk@cvs.openbsd.org 2001/08/14 17:54:29
142 [scp.1 sftp.1 ssh.1]
143 consistent documentation and example of ``-o ssh_option'' for sftp and
144 scp; document keyword=argument for ssh.
41cb4569 145 - (bal) QNX resync. OK tim@
c6ed03bd 146
3454ff55 14720010814
148 - (stevesk) sshpty.c, cray.[ch]: whitespace, formatting and cleanup
149 for some #ifdef _CRAY code; ok wendyp@cray.com
5bd6962b 150 - (stevesk) sshpty.c: return 0 on error in cray pty code;
151 ok wendyp@cray.com
4809bc4c 152 - (stevesk) bsd-cray.c: utmp strings are not C strings
8280a5ae 153 - (stevesk) bsd-cray.c: more cleanup; ok wendyp@cray.com
3454ff55 154
d89a02d4 15520010812
156 - (djm) Fix detection of long long int support. Based on patch from
157 Michael Stone <mstone@cs.loyola.edu>. ok stevesk, tim
158
7ef909d3 15920010808
160 - (bal) Minor correction to inet_ntop.h. _BSD_RRESVPORT_H should be
161 _BSD_INET_NTOP_H. Pointed out by Mark Miller <markm@swoon.net>
162
a704dd54 16320010807
164 - (tim) [configure.in sshconnect.c openbsd-compat/Makefile.in
165 openbsd-compat/openbsd-compat.h ] Add inet_ntop.c inet_ntop.h back
166 in. Needed for sshconnect.c
167 [sshconnect.c] fix INET6_ADDRSTRLEN for non IPv6 machines
168 [configure.in] make tests with missing libraries fail
169 patch by Wendy Palm <wendyp@cray.com>
170 Added openbsd-compat/bsd-cray.h. Selective patches from
171 William L. Jones <jones@mail.utexas.edu>
172
4f7893dc 17320010806
174 - OpenBSD CVS Sync
175 - markus@cvs.openbsd.org 2001/07/22 21:32:27
176 [sshpty.c]
177 update comment
0aea6c59 178 - pvalchev@cvs.openbsd.org 2001/07/22 21:32:42
179 [ssh.1]
180 There is no option "Compress", point to "Compression" instead; ok
181 markus
10a2cbef 182 - markus@cvs.openbsd.org 2001/07/22 22:04:19
183 [readconf.c ssh.1]
184 enable challenge-response auth by default; ok millert@
248bad82 185 - markus@cvs.openbsd.org 2001/07/22 22:24:16
186 [sshd.8]
187 Xr login.conf
9f37c0af 188 - markus@cvs.openbsd.org 2001/07/23 09:06:28
189 [sshconnect2.c]
190 reorder default sequence of userauth methods to match ssh behaviour:
191 hostbased,publickey,keyboard-interactive,password
29c440a0 192 - markus@cvs.openbsd.org 2001/07/23 12:47:05
193 [ssh.1]
194 sync PreferredAuthentications
7fd9477e 195 - aaron@cvs.openbsd.org 2001/07/23 14:14:18
196 [ssh-keygen.1]
197 Fix typo.
1bdee08c 198 - stevesk@cvs.openbsd.org 2001/07/23 18:14:58
199 [auth2.c auth-rsa.c]
200 use %lu; ok markus@
bac2ef55 201 - stevesk@cvs.openbsd.org 2001/07/23 18:21:46
202 [xmalloc.c]
203 no zero size xstrdup() error; ok markus@
55684f0c 204 - markus@cvs.openbsd.org 2001/07/25 11:59:35
205 [scard.c]
206 typo in comment
ce773142 207 - markus@cvs.openbsd.org 2001/07/25 14:35:18
208 [readconf.c ssh.1 ssh.c sshconnect.c]
209 cleanup connect(); connection_attempts 4 -> 1; from
210 eivind@freebsd.org
f87f09aa 211 - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
212 [sshd.8 sshd.c]
213 add -t option to test configuration file and keys; pekkas@netcore.fi
214 ok markus@
c42158fe 215 - rees@cvs.openbsd.org 2001/07/26 20:04:27
216 [scard.c ssh-keygen.c]
217 Inquire Cyberflex class for 0xf0 cards
218 change aid to conform to 7816-5
219 remove gratuitous fid selects
2e23cde0 220 - millert@cvs.openbsd.org 2001/07/27 14:50:45
221 [ssh.c]
222 If smart card support is compiled in and a smart card is being used
223 for authentication, make it the first method used. markus@ OK
0b2988ca 224 - deraadt@cvs.openbsd.org 2001/07/27 17:26:16
225 [scp.c]
226 shorten lines
7f19f8bb 227 - markus@cvs.openbsd.org 2001/07/28 09:21:15
228 [sshd.8]
229 cleanup some RSA vs DSA vs SSH1 vs SSH2 notes
79a6cb5c 230 - mouring@cvs.openbsd.org 2001/07/29 17:02:46
231 [scp.1]
232 Clarified -o option in scp.1 OKed by Markus@
0b595937 233 - jakob@cvs.openbsd.org 2001/07/30 16:06:07
234 [scard.c scard.h]
235 better errorcodes from sc_*; ok markus@
d6192346 236 - stevesk@cvs.openbsd.org 2001/07/30 16:23:30
237 [rijndael.c rijndael.h]
238 new BSD-style license:
239 Brian Gladman <brg@gladman.plus.com>:
240 >I have updated my code at:
241 >http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm
242 >with a copyright notice as follows:
243 >[...]
244 >I am not sure which version of my old code you are using but I am
245 >happy for the notice above to be substituted for my existing copyright
246 >intent if this meets your purpose.
71b7a18e 247 - jakob@cvs.openbsd.org 2001/07/31 08:41:10
248 [scard.c]
249 do not complain about missing smartcards. ok markus@
eea098a3 250 - jakob@cvs.openbsd.org 2001/07/31 09:28:44
251 [readconf.c readconf.h ssh.1 ssh.c]
252 add 'SmartcardDevice' client option to specify which smartcard device
253 is used to access a smartcard used for storing the user's private RSA
254 key. ok markus@.
88690211 255 - jakob@cvs.openbsd.org 2001/07/31 12:42:50
256 [sftp-int.c sftp-server.c]
257 avoid paths beginning with "//"; <vinschen@redhat.com>
258 ok markus@
2251e099 259 - jakob@cvs.openbsd.org 2001/07/31 12:53:34
260 [scard.c]
261 close smartcard connection if card is missing
9ff6f66f 262 - markus@cvs.openbsd.org 2001/08/01 22:03:33
263 [authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
264 ssh-agent.c ssh.c]
265 use strings instead of ints for smartcard reader ids
1930af48 266 - markus@cvs.openbsd.org 2001/08/01 22:16:45
267 [ssh.1 sshd.8]
268 refer to current ietf drafts for protocol v2
4f831fd7 269 - markus@cvs.openbsd.org 2001/08/01 23:33:09
270 [ssh-keygen.c]
271 allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
272 like sectok).
1a23ac2c 273 - markus@cvs.openbsd.org 2001/08/01 23:38:45
05b7537a 274 [scard.c ssh.c]
275 support finish rsa keys.
276 free public keys after login -> call finish -> close smartcard.
93a56445 277 - markus@cvs.openbsd.org 2001/08/02 00:10:17
278 [ssh-keygen.c]
279 add -D readerid option (download, i.e. print public RSA key to stdout).
280 check for card present when uploading keys.
281 use strings instead of ints for smartcard reader ids, too.
285d2b15 282 - jakob@cvs.openbsd.org 2001/08/02 08:58:35
283 [ssh-keygen.c]
284 change -u (upload smartcard key) to -U. ok markus@
58153e34 285 - jakob@cvs.openbsd.org 2001/08/02 15:06:52
286 [ssh-keygen.c]
287 more verbose usage(). ok markus@
f0d6bdcf 288 - jakob@cvs.openbsd.org 2001/08/02 15:07:23
289 [ssh-keygen.1]
290 document smartcard upload/download. ok markus@
315dfb04 291 - jakob@cvs.openbsd.org 2001/08/02 15:32:10
292 [ssh.c]
293 add smartcard to usage(). ok markus@
3e984472 294 - jakob@cvs.openbsd.org 2001/08/02 15:43:57
295 [ssh-agent.c ssh.c ssh-keygen.c]
296 add /* SMARTCARD */ to #else/#endif. ok markus@
1a23ac2c 297 - jakob@cvs.openbsd.org 2001/08/02 16:14:05
dd2495cb 298 [scard.c ssh-agent.c ssh.c ssh-keygen.c]
299 clean up some /* SMARTCARD */. ok markus@
0f6d5acf 300 - mpech@cvs.openbsd.org 2001/08/02 18:37:35
301 [ssh-keyscan.1]
302 o) .Sh AUTHOR -> .Sh AUTHORS;
303 o) .Sh EXAMPLE -> .Sh EXAMPLES;
304 o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION;
305
306 millert@ ok
5a26334c 307 - jakob@cvs.openbsd.org 2001/08/03 10:31:19
308 [ssh-add.1]
309 document smartcard options. ok markus@
33e766d2 310 - jakob@cvs.openbsd.org 2001/08/03 10:31:30
311 [ssh-add.c ssh-agent.c ssh-keyscan.c]
312 improve usage(). ok markus@
5061072f 313 - markus@cvs.openbsd.org 2001/08/05 23:18:20
314 [ssh-keyscan.1 ssh-keyscan.c]
315 ssh 2 support; from wayned@users.sourceforge.net
578954b1 316 - markus@cvs.openbsd.org 2001/08/05 23:29:58
317 [ssh-keyscan.c]
318 make -t dsa work with commercial servers, too
cddb9003 319 - stevesk@cvs.openbsd.org 2001/08/06 19:47:05
320 [scp.c]
321 use alarm vs. setitimer for portable; ok markus@
94796c10 322 - (bal) ssh-keyscan double -lssh hack due to seed_rng().
1a23ac2c 323 - (bal) Second around of UNICOS patches. A few other things left.
324 Patches by William L. Jones <jones@mail.utexas.edu>
4f7893dc 325
29a47408 32620010803
327 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
328 a fast UltraSPARC.
329
42ad0eec 33020010726
331 - (stevesk) use mysignal() in protocol 1 loop now that the SIGCHLD
332 handler has converged.
333
aa7dbcdd 33420010725
335 - (bal) Added 'install-nokeys' to Makefile to assist package builders.
336
0b7d19eb 33720010724
338 - (bal) 4711 not 04711 for ssh binary.
339
ca5c7d6a 34020010722
341 - (bal) Starting the Unicossmk merger. File merged TODO, configure.in,
342 myproposal.h, ssh_prng_cmds.in, and openbsd-compat/Makefile.in.
343 Added openbsd-compat/bsd-cray.c. Rest will be merged after
344 approval. Selective patches from William L. Jones
345 <jones@mail.utexas.edu>
7458aff1 346 - OpenBSD CVS Sync
347 - markus@cvs.openbsd.org 2001/07/18 21:10:43
348 [sshpty.c]
349 pr #1946, allow sshd if /dev is readonly
ec9f3450 350 - stevesk@cvs.openbsd.org 2001/07/18 21:40:40
351 [ssh-agent.c]
352 chdir("/") from bbraun@synack.net; ok markus@
5bef3c35 353 - stevesk@cvs.openbsd.org 2001/07/19 00:41:44
354 [ssh.1]
355 escape chars are below now
7efa8482 356 - markus@cvs.openbsd.org 2001/07/20 14:46:11
357 [ssh-agent.c]
358 do not exit() from signal handlers; ok deraadt@
491f5f7b 359 - stevesk@cvs.openbsd.org 2001/07/20 18:41:51
360 [ssh.1]
361 "the" command line
ca5c7d6a 362
979b0a64 36320010719
364 - (tim) [configure.in] put inet_aton back in AC_CHECK_FUNCS.
365 report from Mark Miller <markm@swoon.net>
366
6e69a45d 36720010718
368 - OpenBSD CVS Sync
2c5b1791 369 - stevesk@cvs.openbsd.org 2001/07/14 15:10:17
370 [readpass.c sftp-client.c sftp-common.c sftp-glob.c]
371 delete spurious #includes; ok deraadt@ markus@
68fa858a 372 - markus@cvs.openbsd.org 2001/07/15 16:17:08
2c5b1791 373 [serverloop.c]
374 schedule client alive for ssh2 only, greg@cheers.bungi.com
2c71dfc1 375 - stevesk@cvs.openbsd.org 2001/07/15 16:57:21
376 [ssh-agent.1]
377 -d will not fork; ok markus@
d1fc1b88 378 - stevesk@cvs.openbsd.org 2001/07/15 16:58:29
68fa858a 379 [ssh-agent.c]
d1fc1b88 380 typo in usage; ok markus@
68fa858a 381 - markus@cvs.openbsd.org 2001/07/17 20:48:42
382 [ssh-agent.c]
e364646f 383 update maxfd if maxfd is closed; report from jmcelroy@dtgnet.com
68fa858a 384 - markus@cvs.openbsd.org 2001/07/17 21:04:58
385 [channels.c channels.h clientloop.c nchan.c serverloop.c]
489aa2e9 386 keep track of both maxfd and the size of the malloc'ed fdsets.
387 update maxfd if maxfd gets closed.
c3941fa6 388 - mouring@cvs.openbsd.org 2001/07/18 16:45:52
389 [scp.c]
390 Missing -o in scp usage()
68fa858a 391 - (bal) Cleaned up trailing spaces in ChangeLog.
31fb6aaf 392 - (bal) Allow sshd to switch user context without password for Cygwin.
393 Patch by Corinna Vinschen <vinschen@redhat.com>
41fcc457 394 - (bal) Updated cygwin README and ssh-host-config. Patch by
ad0cc858 395 Corinna Vinschen <vinschen@redhat.com>
6e69a45d 396
39c98ef7 39720010715
398 - (bal) Set "BROKEN_GETADDRINFO" for darwin platform. Reported by
399 Josh Larios <jdlarios@cac.washington.edu>
c14e6239 400 - (tim) put openssh/openbsd-compat/inet_aton.[ch] back in.
401 needed by openbsd-compat/fake-getaddrinfo.c
68fa858a 402
6800f427 40320010714
404 - (stevesk) change getopt() declaration
763a1a18 405 - (stevesk) configure.in: use ll suffix for long long constant
406 in snprintf() test
6800f427 407
453b4bd0 40820010713
68fa858a 409 - (djm) Enable /etc/nologin check on PAM systems, as some lack the
410 pam_nologin module. Report from William Yodlowsky
453b4bd0 411 <bsd@openbsd.rutgers.edu>
9912296f 412 - (djm) Revert dirname fix, a better one is on its way.
1ee482c5 413 - OpenBSD CVS Sync
414 - markus@cvs.openbsd.org 2001/07/04 22:47:19
415 [ssh-agent.c]
416 ignore SIGPIPE when debugging, too
878b5225 417 - markus@cvs.openbsd.org 2001/07/04 23:13:10
418 [scard.c scard.h ssh-agent.c]
419 handle card removal more gracefully, add sc_close() to scard.h
77261db4 420 - markus@cvs.openbsd.org 2001/07/04 23:39:07
421 [ssh-agent.c]
422 for smartcards remove both RSA1/2 keys
a0e0f486 423 - markus@cvs.openbsd.org 2001/07/04 23:49:27
424 [ssh-agent.c]
425 handle mutiple adds of the same smartcard key
62bb2c8f 426 - espie@cvs.openbsd.org 2001/07/05 11:43:33
427 [sftp-glob.c]
428 Directly cast to the right type. Ok markus@
429 - stevesk@cvs.openbsd.org 2001/07/05 20:32:47
430 [sshconnect1.c]
431 statement after label; ok dugsong@
97de229c 432 - stevesk@cvs.openbsd.org 2001/07/08 15:23:38
433 [servconf.c]
434 fix ``MaxStartups max''; ok markus@
f5a1a01a 435 - fgsch@cvs.openbsd.org 2001/07/09 05:58:47
436 [ssh.c]
437 Use getopt(3); markus@ ok.
ed916b28 438 - deraadt@cvs.openbsd.org 2001/07/09 07:04:53
439 [session.c sftp-int.c]
440 correct type on last arg to execl(); nordin@cse.ogi.edu
333b5ba7 441 - markus@cvs.openbsd.org 2001/07/10 21:49:12
442 [readpass.c]
443 don't panic if fork or pipe fail (just return an empty passwd).
46d738cd 444 - itojun@cvs.openbsd.org 2001/07/11 00:24:53
445 [servconf.c]
68fa858a 446 make it compilable in all 4 combination of KRB4/KRB5 settings.
46d738cd 447 dugsong ok
448 XXX isn't it sensitive to the order of -I/usr/include/kerberosIV and
449 -I/usr/include/kerberosV?
afd501f9 450 - markus@cvs.openbsd.org 2001/07/11 16:29:59
451 [ssh.c]
452 sort options string, fix -p, add -k
453 - markus@cvs.openbsd.org 2001/07/11 18:26:15
454 [auth.c]
455 no need to call dirname(pw->pw_dir).
456 note that dirname(3) modifies its argument on some systems.
82d95536 457 - (djm) Reorder Makefile.in so clean targets work a little better when
458 run directly from Makefile.in
1812a662 459 - (djm) Pull in getopt(3) from OpenBSD libc for the optreset extension.
453b4bd0 460
85b08d98 46120010711
68fa858a 462 - (djm) dirname(3) may modify its argument on glibc and other systems.
85b08d98 463 Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
464
a96070d4 46520010704
466 - OpenBSD CVS Sync
467 - markus@cvs.openbsd.org 2001/06/25 08:25:41
68fa858a 468 [channels.c channels.h cipher.c clientloop.c compat.c compat.h
469 hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
a96070d4 470 session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
471 update copyright for 2001
8a497b11 472 - markus@cvs.openbsd.org 2001/06/25 17:18:27
473 [ssh-keygen.1]
68fa858a 474 sshd(8) will never read the private keys, but ssh(1) does;
8a497b11 475 hugh@mimosa.com
6978866a 476 - provos@cvs.openbsd.org 2001/06/25 17:54:47
477 [auth.c auth.h auth-rsa.c]
68fa858a 478 terminate secure_filename checking after checking homedir. that way
ffb215be 479 it works on AFS. okay markus@
480 - stevesk@cvs.openbsd.org 2001/06/25 20:26:37
481 [auth2.c sshconnect2.c]
482 prototype cleanup; ok markus@
2b30154a 483 - markus@cvs.openbsd.org 2001/06/26 02:47:07
484 [ssh-keygen.c]
485 allow loading a private RSA key to a cyberflex card.
ffdb5d70 486 - markus@cvs.openbsd.org 2001/06/26 04:07:06
487 [ssh-agent.1 ssh-agent.c]
488 add debug flag
983def13 489 - markus@cvs.openbsd.org 2001/06/26 04:59:59
490 [authfd.c authfd.h ssh-add.c]
491 initial support for smartcards in the agent
f7e5ac7b 492 - markus@cvs.openbsd.org 2001/06/26 05:07:43
493 [ssh-agent.c]
494 update usage
2b5fe3b8 495 - markus@cvs.openbsd.org 2001/06/26 05:33:34
496 [ssh-agent.c]
497 more smartcard support.
543baeea 498 - mpech@cvs.openbsd.org 2001/06/26 05:48:07
499 [sshd.8]
500 remove unnecessary .Pp between .It;
501 millert@ ok
0c9664c2 502 - markus@cvs.openbsd.org 2001/06/26 05:50:11
503 [auth2.c]
504 new interface for secure_filename()
2a1e4639 505 - itojun@cvs.openbsd.org 2001/06/26 06:32:58
68fa858a 506 [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
507 buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
508 compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
509 hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
2a1e4639 510 radix.h readconf.h readpass.h rsa.h]
511 prototype pedant. not very creative...
512 - () -> (void)
513 - no variable names
1c06a9ca 514 - itojun@cvs.openbsd.org 2001/06/26 06:33:07
68fa858a 515 [servconf.h serverloop.h session.h sftp-client.h sftp-common.h
516 sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h
1c06a9ca 517 ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h]
518 prototype pedant. not very creative...
519 - () -> (void)
520 - no variable names
ced49be2 521 - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
68fa858a 522 [auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
ced49be2 523 servconf.c servconf.h session.c sshconnect1.c sshd.c]
68fa858a 524 Kerberos v5 support for SSH1, mostly from Assar Westerlund
ced49be2 525 <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
3474b2b4 526 - markus@cvs.openbsd.org 2001/06/26 17:25:34
527 [ssh.1]
528 document SSH_ASKPASS; fubob@MIT.EDU
255cabd9 529 - markus@cvs.openbsd.org 2001/06/26 17:27:25
68fa858a 530 [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
531 canohost.h channels.h cipher.h clientloop.h compat.h compress.h
532 crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
533 hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
534 packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
535 session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
536 sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
255cabd9 537 tildexpand.h uidswap.h uuencode.h xmalloc.h]
538 remove comments from .h, since they are cut&paste from the .c files
539 and out of sync
83f46621 540 - dugsong@cvs.openbsd.org 2001/06/26 17:41:49
541 [servconf.c]
542 #include <kafs.h>
57156994 543 - markus@cvs.openbsd.org 2001/06/26 20:14:11
544 [key.c key.h ssh.c sshconnect1.c sshconnect2.c]
545 add smartcard support to the client, too (now you can use both
546 the agent and the client).
547 - markus@cvs.openbsd.org 2001/06/27 02:12:54
548 [serverloop.c serverloop.h session.c session.h]
549 quick hack to make ssh2 work again.
80f8f24f 550 - markus@cvs.openbsd.org 2001/06/27 04:48:53
551 [auth.c match.c sshd.8]
552 tridge@samba.org
d0bfe096 553 - markus@cvs.openbsd.org 2001/06/27 05:35:42
554 [ssh-keygen.c]
555 use cyberflex_inq_class to inquire class.
2b63e803 556 - markus@cvs.openbsd.org 2001/06/27 05:42:25
557 [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
558 s/generate_additional_parameters/rsa_generate_additional_parameters/
559 http://www.humppa.com/
34e02b83 560 - markus@cvs.openbsd.org 2001/06/27 06:26:36
561 [ssh-add.c]
562 convert to getopt(3)
d3260e12 563 - stevesk@cvs.openbsd.org 2001/06/28 19:57:35
564 [ssh-keygen.c]
565 '\0' terminated data[] is ok; ok markus@
49ccba9c 566 - markus@cvs.openbsd.org 2001/06/29 07:06:34
567 [ssh-keygen.c]
568 new error handling for cyberflex_*
542d70b8 569 - markus@cvs.openbsd.org 2001/06/29 07:11:01
570 [ssh-keygen.c]
571 initialize early
eea46d13 572 - stevesk@cvs.openbsd.org 2001/06/29 18:38:44
573 [clientloop.c]
574 sync function definition with declaration; ok markus@
8ab2cb35 575 - stevesk@cvs.openbsd.org 2001/06/29 18:40:28
576 [channels.c]
577 use socklen_t for getsockopt arg #5; ok markus@
b3f8a79c 578 - stevesk@cvs.openbsd.org 2001/06/30 18:08:40
579 [channels.c channels.h clientloop.c]
580 adress -> address; ok markus@
5b5d170c 581 - markus@cvs.openbsd.org 2001/07/02 13:59:15
582 [serverloop.c session.c session.h]
68fa858a 583 wait until !session_have_children(); bugreport from
5b5d170c 584 Lutz.Jaenicke@aet.TU-Cottbus.DE
613021ac 585 - markus@cvs.openbsd.org 2001/07/02 22:29:20
586 [readpass.c]
587 do not return NULL, use "" instead.
666248da 588 - markus@cvs.openbsd.org 2001/07/02 22:40:18
589 [ssh-keygen.c]
590 update for sectok.h interface changes.
3cf2be58 591 - markus@cvs.openbsd.org 2001/07/02 22:52:57
592 [channels.c channels.h serverloop.c]
593 improve cleanup/exit logic in ssh2:
594 stop listening to channels, detach channel users (e.g. sessions).
595 wait for children (i.e. dying sessions), send exit messages,
596 cleanup all channels.
637b033d 597 - (bal) forget a few new files in sync up.
06be7c3b 598 - (bal) Makefile fix up requires scard.c
ac96ca42 599 - (stevesk) sync misc.h
9c328529 600 - (stevesk) more sync for session.c
4f1f4d8d 601 - (stevesk) sync servconf.h (comments)
afb9165e 602 - (tim) [contrib/caldera/openssh.spec] sync with Caldera
d9e3d19f 603 - (tim) [openbsd-compat/dirname.h] Remove ^M causing some compilers to
604 issue warning (line 1: tokens ignored at end of directive line)
605 - (tim) [sshconnect1.c] give the compiler something to do for success:
606 if KRB5 and AFS are not defined
607 (ERROR: "sshconnect1.c", line 1274: Syntax error before or at: })
637b033d 608
aa8d09da 60920010629
610 - (bal) Removed net_aton() since we don't use it any more
64c4b8d7 611 - (bal) Fixed _DISABLE_VPOSIX in readpassphrase.c.
7af3215a 612 - (bal) Updated zlib's home. Thanks to David Howe <DaveHowe@gmx.co.uk>.
16adf618 613 - (stevesk) remove _REENTRANT #define
16995a2c 614 - (stevesk) session.c: use u_int for envsize
6a26f353 615 - (stevesk) remove cli.[ch]
aa8d09da 616
f11065cb 61720010628
618 - (djm) Sync openbsd-compat with -current libc
68fa858a 619 - (djm) Fix from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> for my
050df9db 620 broken makefile
07608451 621 - (bal) Removed strtok_r() and inet_ntop() since they are no longer used.
622 - (bal) Remove getusershell() since it's no longer used.
f11065cb 623
78220944 62420010627
625 - (djm) Reintroduce pam_session call for non-pty sessions.
68fa858a 626 - (djm) Remove redundant and incorrect test for max auth attempts in
627 PAM kbdint code. Based on fix from Matthew Melvin
763dfdf0 628 <matthewm@webcentral.com.au>
f0194608 629 - (djm) Rename sysconfdir/primes => sysconfdir/moduli
68fa858a 630 - (djm) Oops, forgot make logic for primes=>moduli. Also try to rename
ff4955c9 631 existing primes->moduli if it exists.
0eb1a22d 632 - (djm) Sync with -current openbsd-compat/readpassphrase.c:
633 - djm@cvs.openbsd.org 2001/06/27 13:23:30
634 typo, spotted by Tom Holroyd <tomh@po.crl.go.jp>; ok deraadt@
5ed2bb5b 635 - (djm) Turn up warnings if gcc or egcs detected
b8fea62d 636 - (stevesk) for HP-UX 11.X use X/Open socket interface;
637 pulls in modern socket prototypes and eliminates a number of compiler
638 warnings. see xopen_networking(7).
fef01705 639 - (stevesk) fix x11 forwarding from _PATH_XAUTH change
28564873 640 - (stevesk) use X/Open socket interface for HP-UX 10.X also
78220944 641
e16f4ac8 64220010625
0cd000dd 643 - OpenBSD CVS Sync
bc233fdf 644 - markus@cvs.openbsd.org 2001/06/21 21:08:25
645 [session.c]
646 don't reset forced_command (we allow multiple login shells in
647 ssh2); dwd@bell-labs.com
a5a2da3b 648 - mpech@cvs.openbsd.org 2001/06/22 10:17:51
649 [ssh.1 sshd.8 ssh-keyscan.1]
650 o) .Sh AUTHOR -> .Sh AUTHORS;
651 o) remove unnecessary .Pp;
652 o) better -mdoc style;
653 o) typo;
654 o) sort SEE ALSO;
a5a2da3b 655 aaron@ ok
e2854364 656 - provos@cvs.openbsd.org 2001/06/22 21:27:08
657 [dh.c pathnames.h]
658 use /etc/moduli instead of /etc/primes, okay markus@
e2432638 659 - provos@cvs.openbsd.org 2001/06/22 21:28:53
660 [sshd.8]
661 document /etc/moduli
96a7b0cc 662 - markus@cvs.openbsd.org 2001/06/22 21:55:49
68fa858a 663 [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
96a7b0cc 664 ssh-keygen.1]
665 merge authorized_keys2 into authorized_keys.
666 authorized_keys2 is used for backward compat.
667 (just append authorized_keys2 to authorized_keys).
826676b3 668 - provos@cvs.openbsd.org 2001/06/22 21:57:59
669 [dh.c]
670 increase linebuffer to deal with larger moduli; use rewind instead of
671 close/open
bc233fdf 672 - markus@cvs.openbsd.org 2001/06/22 22:21:20
673 [sftp-server.c]
674 allow long usernames/groups in readdir
a599bd06 675 - markus@cvs.openbsd.org 2001/06/22 23:35:21
2e000c58 676 [ssh.c]
677 don't overwrite argv (fixes ssh user@host in 'ps'), report by ericj@
cb220a93 678 - deraadt@cvs.openbsd.org 2001/06/23 00:16:16
679 [scp.c]
680 slightly better care
d0c8ca5c 681 - markus@cvs.openbsd.org 2001/06/23 00:20:57
682 [auth2.c auth.c auth.h auth-rh-rsa.c]
683 *known_hosts2 is obsolete for hostbased authentication and
684 only used for backward compat. merge ssh1/2 hostkey check
685 and move it to auth.c
e16f4ac8 686 - deraadt@cvs.openbsd.org 2001/06/23 02:33:05
687 [sftp.1 sftp-server.8 ssh-keygen.1]
688 join .%A entries; most by bk@rt.fm
f49bc4f7 689 - markus@cvs.openbsd.org 2001/06/23 02:34:33
68fa858a 690 [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
f49bc4f7 691 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
68fa858a 692 get rid of known_hosts2, use it for hostkey lookup, but do not
f49bc4f7 693 modify.
7d747e89 694 - markus@cvs.openbsd.org 2001/06/23 03:03:59
695 [sshd.8]
696 draft-ietf-secsh-dh-group-exchange-01.txt
73473230 697 - markus@cvs.openbsd.org 2001/06/23 03:04:42
698 [auth2.c auth-rh-rsa.c]
699 restore correct ignore_user_known_hosts logic.
c10d042a 700 - markus@cvs.openbsd.org 2001/06/23 05:26:02
701 [key.c]
702 handle sigature of size 0 (some broken clients send this).
7b518233 703 - deraadt@cvs.openbsd.org 2001/06/23 05:57:09
704 [sftp.1 sftp-server.8 ssh-keygen.1]
705 ok, tmac is now fixed
2e0becb6 706 - markus@cvs.openbsd.org 2001/06/23 06:41:10
707 [ssh-keygen.c]
708 try to decode ssh-3.0.0 private rsa keys
709 (allow migration to openssh, not vice versa), #910
396c147e 710 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
68fa858a 711 [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
712 canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
713 hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
714 readpass.c scp.c servconf.c serverloop.c session.c sftp.c
715 sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
716 ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
396c147e 717 ssh-keygen.c ssh-keyscan.c]
68fa858a 718 more strict prototypes. raise warning level in Makefile.inc.
396c147e 719 markus ok'ed
720 TODO; cleanup headers
a599bd06 721 - markus@cvs.openbsd.org 2001/06/23 17:05:22
722 [ssh-keygen.c]
723 fix import for (broken?) ssh.com/f-secure private keys
724 (i tested > 1000 RSA keys)
3730bb22 725 - itojun@cvs.openbsd.org 2001/06/23 17:48:18
726 [sftp.1 ssh.1 sshd.8 ssh-keyscan.1]
727 kill whitespace at EOL.
3aca00a3 728 - markus@cvs.openbsd.org 2001/06/23 19:12:43
729 [sshd.c]
730 pidfile/sigterm race; bbraun@synack.net
ce404659 731 - markus@cvs.openbsd.org 2001/06/23 22:37:46
732 [sshconnect1.c]
733 consistent with ssh2: skip key if empty passphrase is entered,
734 retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
2cee8a25 735 - markus@cvs.openbsd.org 2001/06/24 05:25:10
736 [auth-options.c match.c match.h]
737 move ip+hostname check to match.c
1843a425 738 - markus@cvs.openbsd.org 2001/06/24 05:35:33
739 [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
740 switch to readpassphrase(3)
741 2.7/8-stable needs readpassphrase.[ch] from libc
80097c54 742 - markus@cvs.openbsd.org 2001/06/24 05:47:13
743 [sshconnect2.c]
744 oops, missing format string
b4e7177c 745 - markus@cvs.openbsd.org 2001/06/24 17:18:31
746 [ttymodes.c]
747 passing modes works fine: debug2->3
ab88181c 748 - (djm) -Wall fix for session.c
3159d49a 749 - (djm) Bring in readpassphrase() from OpenBSD libc. Compiles OK on Linux and
750 Solaris
0cd000dd 751
7751d4eb 75220010622
753 - (stevesk) handle systems without pw_expire and pw_change.
754
e04e7a19 75520010621
756 - OpenBSD CVS Sync
757 - markus@cvs.openbsd.org 2001/06/16 08:49:38
758 [misc.c]
759 typo; dunlap@apl.washington.edu
c03175c6 760 - markus@cvs.openbsd.org 2001/06/16 08:50:39
761 [channels.h]
762 bad //-style comment; thx to stevev@darkwing.uoregon.edu
08c260ea 763 - markus@cvs.openbsd.org 2001/06/16 08:57:35
764 [scp.c]
765 no stdio or exit() in signal handlers.
c4d49b85 766 - markus@cvs.openbsd.org 2001/06/16 08:58:34
767 [misc.c]
768 copy pw_expire and pw_change, too.
dac6753b 769 - markus@cvs.openbsd.org 2001/06/19 12:34:09
770 [session.c]
771 cleanup forced command handling, from dwd@bell-labs.com
ff027d84 772 - markus@cvs.openbsd.org 2001/06/19 14:09:45
773 [session.c sshd.8]
774 disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
c95add71 775 - markus@cvs.openbsd.org 2001/06/19 15:40:45
776 [session.c]
777 allocate and free at the same level.
d6746a0b 778 - markus@cvs.openbsd.org 2001/06/20 13:56:39
779 [channels.c channels.h clientloop.c packet.c serverloop.c]
780 move from channel_stop_listening to channel_free_all,
781 call channel_free_all before calling waitpid() in serverloop.
782 fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
e04e7a19 783
5ad9f968 78420010615
785 - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
786 around grantpt().
f7940aa9 787 - (stevesk) update TODO: STREAMS pty systems don't call vhangup() now
5ad9f968 788
eb26141e 78920010614
790 - OpenBSD CVS Sync
791 - markus@cvs.openbsd.org 2001/06/13 09:10:31
792 [session.c]
793 typo, use pid not s->pid, mstone@cs.loyola.edu
794
86066315 79520010613
eb26141e 796 - OpenBSD CVS Sync
86066315 797 - markus@cvs.openbsd.org 2001/06/12 10:58:29
798 [session.c]
799 merge session_free into session_close()
800 merge pty_cleanup_proc into session_pty_cleanup()
653d5f86 801 - markus@cvs.openbsd.org 2001/06/12 16:10:38
802 [session.c]
803 merge ssh1/ssh2 tty msg parse and alloc code
76735fe3 804 - markus@cvs.openbsd.org 2001/06/12 16:11:26
805 [packet.c]
806 do not log() packet_set_maxsize
b44de2b1 807 - markus@cvs.openbsd.org 2001/06/12 21:21:29
808 [session.c]
809 remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
810 we do already trust $HOME/.ssh
811 you can use .ssh/sshrc and .ssh/environment if you want to customize
812 the location of the xauth cookies
7a313633 813 - markus@cvs.openbsd.org 2001/06/12 21:30:57
814 [session.c]
815 unused
86066315 816
2c9d881a 81720010612
38296b32 818 - scp.c ID update (upstream synced vfsprintf() from us)
819 - OpenBSD CVS Sync
2c9d881a 820 - markus@cvs.openbsd.org 2001/06/10 11:29:20
821 [dispatch.c]
822 we support rekeying
823 protocol errors are fatal.
1500bcdd 824 - markus@cvs.openbsd.org 2001/06/11 10:18:24
825 [session.c]
826 reset pointer to NULL after xfree(); report from solar@openwall.com
f740438e 827 - markus@cvs.openbsd.org 2001/06/11 16:04:38
828 [sshd.8]
829 typo; bdubreuil@crrel.usace.army.mil
2c9d881a 830
b4d02860 83120010611
68fa858a 832 - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller
833 <markm@swoon.net>
224cbdcc 834 - (bal) Handle broken krb4 issues on Solaris with multiple defined u_*_t
68fa858a 835 types. Patch by Jan IVEN <Jan.Iven@cern.ch>
0bb724ce 836 - (bal) Fixed Makefile.in so that 'configure; make install' works.
b4d02860 837
bf093080 83820010610
839 - (bal) Missed two files in major resync. auth-bsdauth.c and auth-skey.c
840
e697bda7 84120010609
842 - OpenBSD CVS Sync
843 - markus@cvs.openbsd.org 2001/05/30 12:55:13
68fa858a 844 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
e697bda7 845 packet.c serverloop.c session.c ssh.c ssh1.h]
846 channel layer cleanup: merge header files and split .c files
36e1f6a1 847 - markus@cvs.openbsd.org 2001/05/30 15:20:10
848 [ssh.c]
849 merge functions, simplify.
a5efa1bb 850 - markus@cvs.openbsd.org 2001/05/31 10:30:17
68fa858a 851 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
a5efa1bb 852 packet.c serverloop.c session.c ssh.c]
68fa858a 853 undo the .c file split, just merge the header and keep the cvs
a5efa1bb 854 history
68fa858a 855 - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged
8e7895b8 856 out of ssh Attic)
68fa858a 857 - (bal) Ooops.. nchan.c (and remove nchan.h) resync from OpenBSD ssh
a98da4aa 858 Attic.
859 - OpenBSD CVS Sync
860 - markus@cvs.openbsd.org 2001/05/31 13:08:04
861 [sshd_config]
862 group options and add some more comments
e4f7282d 863 - markus@cvs.openbsd.org 2001/06/03 14:55:39
864 [channels.c channels.h session.c]
68fa858a 865 use fatal_register_cleanup instead of atexit, sync with x11 authdir
e4f7282d 866 handling
e5b71e99 867 - markus@cvs.openbsd.org 2001/06/03 19:36:44
868 [ssh-keygen.1]
869 1-2 bits of entrophy per character (not per word), ok stevesk@
4fc334a2 870 - markus@cvs.openbsd.org 2001/06/03 19:38:42
871 [scp.c]
872 pass -v to ssh; from slade@shore.net
f5e69c65 873 - markus@cvs.openbsd.org 2001/06/03 20:06:11
874 [auth2-chall.c]
68fa858a 875 the challenge response device decides how to handle non-existing
f5e69c65 876 users.
877 -> fake challenges for skey and cryptocard
f0f32b8e 878 - markus@cvs.openbsd.org 2001/06/04 21:59:43
879 [channels.c channels.h session.c]
68fa858a 880 switch uid when cleaning up tmp files and sockets; reported by
f0f32b8e 881 zen-parse@gmx.net on bugtraq
c9130033 882 - markus@cvs.openbsd.org 2001/06/04 23:07:21
883 [clientloop.c serverloop.c sshd.c]
68fa858a 884 set flags in the signal handlers, do real work in the main loop,
c9130033 885 ok provos@
8dcd9d5c 886 - markus@cvs.openbsd.org 2001/06/04 23:16:16
887 [session.c]
888 merge ssh1/2 x11-fwd setup, create listener after tmp-dir
aa144206 889 - pvalchev@cvs.openbsd.org 2001/06/05 05:05:39
890 [ssh-keyscan.1 ssh-keyscan.c]
891 License clarification from David Mazieres, ok deraadt@
750c256a 892 - markus@cvs.openbsd.org 2001/06/05 10:24:32
893 [channels.c]
894 don't delete the auth socket in channel_stop_listening()
895 auth_sock_cleanup_proc() will take care of this.
fc2a1d28 896 - markus@cvs.openbsd.org 2001/06/05 16:46:19
897 [session.c]
898 let session_close() delete the pty. deny x11fwd if xauthfile is set.
d87596b0 899 - markus@cvs.openbsd.org 2001/06/06 23:13:54
900 [ssh-dss.c ssh-rsa.c]
901 cleanup, remove old code
edf9ae81 902 - markus@cvs.openbsd.org 2001/06/06 23:19:35
903 [ssh-add.c]
904 remove debug message; Darren.Moffat@eng.sun.com
2a6a054e 905 - markus@cvs.openbsd.org 2001/06/07 19:57:53
906 [auth2.c]
907 style is used for bsdauth.
908 disconnect on user/service change (ietf-drafts)
449c5ba5 909 - markus@cvs.openbsd.org 2001/06/07 20:23:05
68fa858a 910 [authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c
449c5ba5 911 sshconnect.c sshconnect1.c]
912 use xxx_put_cstring()
e6abba31 913 - markus@cvs.openbsd.org 2001/06/07 22:25:02
914 [session.c]
915 don't overwrite errno
916 delay deletion of the xauth cookie
fd9ede94 917 - markus@cvs.openbsd.org 2001/06/08 15:25:40
918 [includes.h pathnames.h readconf.c servconf.c]
919 move the path for xauth to pathnames.h
0abe778b 920 - (bal) configure.in fix for Tru64 (forgeting to reset $LIB)
83c17f20 921 - (bal) ANSIify strmode()
68fa858a 922 - (bal) --with-catman should be --with-mantype patch by Dave
923 Dykstra <dwd@bell-labs.com>
fd9ede94 924
4869a96f 92520010606
e697bda7 926 - OpenBSD CVS Sync
68fa858a 927 - markus@cvs.openbsd.org 2001/05/17 21:34:15
e697bda7 928 [ssh.1]
68fa858a 929 no spaces in PreferredAuthentications;
5ba55ada 930 meixner@rbg.informatik.tu-darmstadt.de
931 - markus@cvs.openbsd.org 2001/05/18 14:13:29
68fa858a 932 [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
5ba55ada 933 readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
934 improved kbd-interactive support. work by per@appgate.com and me
bc03d5aa 935 - djm@cvs.openbsd.org 2001/05/19 00:36:40
936 [session.c]
937 Disable X11 forwarding if xauth binary is not found. Patch from Nalin
938 Dahyabhai <nalin@redhat.com>; ok markus@
68fa858a 939 - markus@cvs.openbsd.org 2001/05/19 16:05:41
940 [scp.c]
3e4fc5f9 941 ftruncate() instead of open()+O_TRUNC like rcp.c does
68fa858a 942 allows scp /path/to/file localhost:/path/to/file
943 - markus@cvs.openbsd.org 2001/05/19 16:08:43
944 [sshd.8]
a18395da 945 sort options; Matthew.Stier@fnc.fujitsu.com
68fa858a 946 - markus@cvs.openbsd.org 2001/05/19 16:32:16
947 [ssh.1 sshconnect2.c]
948 change preferredauthentication order to
949 publickey,hostbased,password,keyboard-interactive
3398dda9 950 document that hostbased defaults to no, document order
47bf6266 951 - markus@cvs.openbsd.org 2001/05/19 16:46:19
68fa858a 952 [ssh.1 sshd.8]
953 document MACs defaults with .Dq
954 - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
955 [misc.c misc.h servconf.c sshd.8 sshd.c]
956 sshd command-line arguments and configuration file options that
957 specify time may be expressed using a sequence of the form:
e2b1fb42 958 time[qualifier], where time is a positive integer value and qualifier
68fa858a 959 is one of the following:
960 <none>,s,m,h,d,w
961 Examples:
962 600 600 seconds (10 minutes)
963 10m 10 minutes
964 1h30m 1 hour 30 minutes (90 minutes)
965 ok markus@
7e8c18e9 966 - stevesk@cvs.openbsd.org 2001/05/19 19:57:09
68fa858a 967 [channels.c]
968 typo in error message
e697bda7 969 - markus@cvs.openbsd.org 2001/05/20 17:20:36
c8445989 970 [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
971 sshd_config]
68fa858a 972 configurable authorized_keys{,2} location; originally from peter@;
973 ok djm@
1ddf764b 974 - markus@cvs.openbsd.org 2001/05/24 11:12:42
68fa858a 975 [auth.c]
976 fix comment; from jakob@
977 - stevesk@cvs.openbsd.org 2001/05/24 18:57:53
978 [clientloop.c readconf.c ssh.c ssh.h]
4bf9c10e 979 don't perform escape processing when ``EscapeChar none''; ok markus@
abe0fb9f 980 - markus@cvs.openbsd.org 2001/05/25 14:37:32
68fa858a 981 [ssh-keygen.c]
982 use -P for -e and -y, too.
63cd7dd0 983 - markus@cvs.openbsd.org 2001/05/28 08:04:39
68fa858a 984 [ssh.c]
985 fix usage()
986 - markus@cvs.openbsd.org 2001/05/28 10:08:55
987 [authfile.c]
eb2e1595 988 key_load_private: set comment to filename for PEM keys
2cf27bc4 989 - markus@cvs.openbsd.org 2001/05/28 22:51:11
68fa858a 990 [cipher.c cipher.h]
991 simpler 3des for ssh1
992 - markus@cvs.openbsd.org 2001/05/28 23:14:49
993 [channels.c channels.h nchan.c]
6fd8622b 994 undo broken channel fix and try a different one. there
68fa858a 995 should be still some select errors...
996 - markus@cvs.openbsd.org 2001/05/28 23:25:24
997 [channels.c]
998 cleanup, typo
08dcb5d7 999 - markus@cvs.openbsd.org 2001/05/28 23:58:35
68fa858a 1000 [packet.c packet.h sshconnect.c sshd.c]
1001 remove some lines, simplify.
a10bdd7c 1002 - markus@cvs.openbsd.org 2001/05/29 12:31:27
68fa858a 1003 [authfile.c]
1004 typo
5ba55ada 1005
5cde8062 100620010528
1007 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
1008 Patch by Corinna Vinschen <vinschen@redhat.com>
1009
362df52e 101020010517
1011 - OpenBSD CVS Sync
1012 - markus@cvs.openbsd.org 2001/05/12 19:53:13
1013 [sftp-server.c]
1014 readlink does not NULL-terminate; mhe@home.se
6efa3d14 1015 - deraadt@cvs.openbsd.org 2001/05/15 22:04:01
1016 [ssh.1]
1017 X11 forwarding details improved
70ea8327 1018 - markus@cvs.openbsd.org 2001/05/16 20:51:57
1019 [authfile.c]
1020 return comments for private pem files, too; report from nolan@naic.edu
24b6b45f 1021 - markus@cvs.openbsd.org 2001/05/16 21:53:53
1022 [clientloop.c]
1023 check for open sessions before we call select(); fixes the x11 client
1024 bug reported by bowman@math.ualberta.ca
7231bd47 1025 - markus@cvs.openbsd.org 2001/05/16 22:09:21
1026 [channels.c nchan.c]
1027 more select() error fixes (don't set rfd/wfd to -1).
7043a38d 1028 - (bal) Enabled USE_PIPES for Cygwin on Corinna Vinschen <vinschen@redhat.com>
68fa858a 1029 - (bal) Corrected on_exit() emulation via atexit().
362df52e 1030
89aa792b 103120010512
1032 - OpenBSD CVS Sync
1033 - markus@cvs.openbsd.org 2001/05/11 14:59:56
1034 [clientloop.c misc.c misc.h]
1035 add unset_nonblock for stdout/err flushing in client_loop().
286e38f7 1036 - (bal) Patch to partial sync up contrib/solaris/ packaging software.
1037 Patch by pete <ninjaz@webexpress.com>
89aa792b 1038
97430469 103920010511
1040 - OpenBSD CVS Sync
1041 - markus@cvs.openbsd.org 2001/05/09 22:51:57
1042 [channels.c]
1043 fix -R for protocol 2, noticed by greg@nest.cx.
1044 bug was introduced with experimental dynamic forwarding.
a16092bb 1045 - markus@cvs.openbsd.org 2001/05/09 23:01:31
1046 [rijndael.h]
1047 fix prototype; J.S.Peatfield@damtp.cam.ac.uk
97430469 1048
588f4ed0 104920010509
1050 - OpenBSD CVS Sync
1051 - markus@cvs.openbsd.org 2001/05/06 21:23:31
1052 [cli.c]
1053 cli_read() fails to catch SIGINT + overflow; from obdb@zzlevo.net
d18e0850 1054 - markus@cvs.openbsd.org 2001/05/08 19:17:31
a01a10dd 1055 [channels.c serverloop.c clientloop.c]
d18e0850 1056 adds correct error reporting to async connect()s
68fa858a 1057 fixes the server-discards-data-before-connected-bug found by
d18e0850 1058 onoe@sm.sony.co.jp
8a624ebf 1059 - mouring@cvs.openbsd.org 2001/05/08 19:45:25
1060 [misc.c misc.h scp.c sftp.c]
1061 Use addargs() in sftp plus some clean up of addargs(). OK Markus
1b02d786 1062 - markus@cvs.openbsd.org 2001/05/06 21:45:14
1063 [clientloop.c]
68fa858a 1064 use atomicio for flushing stdout/stderr bufs. thanks to
1b02d786 1065 jbw@izanami.cee.hw.ac.uk
010980f6 1066 - markus@cvs.openbsd.org 2001/05/08 22:48:07
1067 [atomicio.c]
1068 no need for xmalloc.h, thanks to espie@
68fa858a 1069 - (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison
7e2d5fa4 1070 <wayne@blorf.net>
99c8ddac 1071 - (bal) ./configure support to disable SIA on OSF1. Patch by
1072 Chris Adams <cmadams@hiwaay.net>
68fa858a 1073 - (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki
b81c369b 1074 <nakaji@tutrp.tut.ac.jp>
588f4ed0 1075
7b22534a 107620010508
68fa858a 1077 - (bal) Fixed configure test for USE_SIA.
7b22534a 1078
94539b2a 107920010506
1080 - (djm) Update config.guess and config.sub with latest versions (from
1081 ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux.
1082 Suggested by Jason Mader <jason@ncac.gwu.edu>
96c63318 1083 - (bal) White Space and #ifdef sync with OpenBSD
044b0662 1084 - (bal) Add 'seed_rng()' to ssh-add.c
9e9bd8c0 1085 - (bal) CVS ID updates for readpass.c, readpass.h, cli.c, and cli.h
cf7ff074 1086 - OpenBSD CVS Sync
1087 - stevesk@cvs.openbsd.org 2001/05/05 13:42:52
1088 [sftp.1 ssh-add.1 ssh-keygen.1]
1089 typos, grammar
94539b2a 1090
98143cfc 109120010505
1092 - OpenBSD CVS Sync
1093 - stevesk@cvs.openbsd.org 2001/05/04 14:21:56
1094 [ssh.1 sshd.8]
1095 typos
5b9601c8 1096 - markus@cvs.openbsd.org 2001/05/04 14:34:34
1097 [channels.c]
94539b2a 1098 channel_new() reallocs channels[], we cannot use Channel *c after
1099 calling channel_new(), XXX fix this in the future...
719fc62f 1100 - markus@cvs.openbsd.org 2001/05/04 23:47:34
1101 [channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
68fa858a 1102 move to Channel **channels (instead of Channel *channels), fixes realloc
1103 problems. channel_new now returns a Channel *, favour Channel * over
719fc62f 1104 channel id. remove old channel_allocate interface.
98143cfc 1105
f92fee1f 110620010504
1107 - OpenBSD CVS Sync
1108 - stevesk@cvs.openbsd.org 2001/05/03 15:07:39
1109 [channels.c]
1110 typo in debug() string
503e7e5b 1111 - markus@cvs.openbsd.org 2001/05/03 15:45:15
1112 [session.c]
1113 exec shell -c /bin/sh .ssh/sshrc, from abartlet@pcug.org.au
c98cab9b 1114 - stevesk@cvs.openbsd.org 2001/05/03 21:43:01
1115 [servconf.c]
1116 remove "\n" from fatal()
1fcde3fe 1117 - mouring@cvs.openbsd.org 2001/05/03 23:09:53
1118 [misc.c misc.h scp.c sftp.c]
1119 Move colon() and cleanhost() to misc.c where I should I have put it in
1120 the first place
044aa419 1121 - (bal) Updated Cygwin README by Corinna Vinschen <vinschen@redhat.com>
c7ccfd39 1122 - (bal) Avoid socket file security issues in ssh-agent for Cygwin.
1123 Patch by Egor Duda <deo@logos-m.ru>
f92fee1f 1124
065604bb 112520010503
1126 - OpenBSD CVS Sync
1127 - markus@cvs.openbsd.org 2001/05/02 16:41:20
1128 [ssh-add.c]
1129 fix prompt for ssh-add.
1130
742ee8f2 113120010502
1132 - OpenBSD CVS Sync
1133 - mouring@cvs.openbsd.org 2001/05/02 01:25:39
1134 [readpass.c]
1135 Put the 'const' back into ssh_askpass() function. Pointed out
1136 by Mark Miller <markm@swoon.net>. OK Markus
1137
3435f5a6 113820010501
1139 - OpenBSD CVS Sync
1140 - markus@cvs.openbsd.org 2001/04/30 11:18:52
1141 [readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
1142 implement 'ssh -b bind_address' like 'telnet -b'
eef7adcb 1143 - markus@cvs.openbsd.org 2001/04/30 15:50:46
1144 [compat.c compat.h kex.c]
1145 allow interop with weaker key generation used by ssh-2.0.x, x < 10
ec430473 1146 - markus@cvs.openbsd.org 2001/04/30 16:02:49
1147 [compat.c]
1148 ssh-2.0.10 has the weak-key-bug, too.
3ca6cc45 1149 - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
3435f5a6 1150
e8171bff 115120010430
39aefe7b 1152 - OpenBSD CVS Sync
1153 - markus@cvs.openbsd.org 2001/04/29 18:32:52
1154 [serverloop.c]
1155 fix whitespace
fbe90f7b 1156 - markus@cvs.openbsd.org 2001/04/29 19:16:52
1157 [channels.c clientloop.c compat.c compat.h serverloop.c]
1158 more ssh.com-2.0.x bug-compat; from per@appgate.com
e8171bff 1159 - (tim) New version of mdoc2man.pl from Mark D. Roth <roth+openssh@feep.net>
0b47e48f 1160 - (djm) Add .cvsignore files, suggested by Wayne Davison <wayne@blorf.net>
39aefe7b 1161
baf8c81a 116220010429
1163 - (bal) Updated INSTALL. PCRE moved to a new place.
e878ffe1 1164 - (djm) Release OpenSSH-2.9p1
baf8c81a 1165
0096ac62 116620010427
1167 - (bal) Fixed uidswap.c so it should work on non-posix complient systems.
1168 patch based on 2.5.2 version by djm.
95595a77 1169 - (bal) Build manpages and config files once unless changed. Patch by
1170 Carson Gaspar <carson@taltos.org>
68fa858a 1171 - (bal) arpa/nameser.h does not exist on Cygwin. Patch by Corinna
4a2df58f 1172 Vinschen <vinschen@redhat.com>
5ef815d7 1173 - (bal) Add /etc/sysconfig/sshd support to redhat's sshd.init. Patch by
1174 Pekka Savola <pekkas@netcore.fi>
68fa858a 1175 - (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen
229be2df 1176 <vinschen@redhat.com>
cc3ccfdc 1177 - (bal) version.h synced, RPM specs updated for 2.9
b1e2a48c 1178 - (tim) update contrib/caldera files with what Caldera is using.
1179 <sps@caldera.de>
0096ac62 1180
b587c165 118120010425
1182 - OpenBSD CVS Sync
1183 - markus@cvs.openbsd.org 2001/04/23 21:57:07
1184 [ssh-keygen.1 ssh-keygen.c]
1185 allow public key for -e, too
012bc0e1 1186 - markus@cvs.openbsd.org 2001/04/23 22:14:13
1187 [ssh-keygen.c]
1188 remove debug
f8252c48 1189 - (bal) Whitespace resync w/ OpenBSD for uidswap.c
10f72868 1190 - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
68fa858a 1191 (default: off), implies KbdInteractiveAuthentication. Suggestion from
10f72868 1192 markus@
c2d059b5 1193 - (djm) Include crypt.h if available in auth-passwd.c
533875af 1194 - tim@mindrot.org 2001/04/25 21:38:01 [configure.in]
1195 man page detection fixes for SCO
b587c165 1196
da89cf4d 119720010424
1198 - OpenBSD CVS Sync
1199 - markus@cvs.openbsd.org 2001/04/22 23:58:36
1200 [ssh-keygen.1 ssh.1 sshd.8]
1201 document hostbased and other cleanup
5e29aeaf 1202 - (stevesk) start_pam() doesn't use DNS now for sshd -u0.
3cc990d7 1203 - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD
68fa858a 1204 - (bal) sys/queue.h is bogus for NCR platform. Patch by Daniel Carroll
d8e76a0a 1205 <dan@mesastate.edu>
3644dc25 1206 - (bal) Fixed contrib/postinstall.in. Patch by wsanders@wsanders.net
da89cf4d 1207
a3626e12 120820010422
1209 - OpenBSD CVS Sync
1210 - markus@cvs.openbsd.org 2001/04/20 16:32:22
1211 [uidswap.c]
1212 set non-privileged gid before uid; tholo@ and deraadt@
1a726b04 1213 - mouring@cvs.openbsd.org 2001/04/21 00:55:57
1214 [sftp.1]
1215 Spelling
67b964a1 1216 - djm@cvs.openbsd.org 2001/04/22 08:13:30
1217 [ssh.1]
1218 typos spotted by stevesk@; ok deraadt@
ba917921 1219 - markus@cvs.openbsd.org 2001/04/22 12:34:05
1220 [scp.c]
1221 scp > 2GB; niles@scyld.com; ok deraadt@, djm@
5deceabb 1222 - markus@cvs.openbsd.org 2001/04/22 13:25:37
1223 [ssh-keygen.1 ssh-keygen.c]
1224 rename arguments -x -> -e (export key), -X -> -i (import key)
1225 xref draft-ietf-secsh-publickeyfile-01.txt
2cad6cef 1226 - markus@cvs.openbsd.org 2001/04/22 13:32:27
1227 [sftp-server.8 sftp.1 ssh.1 sshd.8]
1228 xref draft-ietf-secsh-*
bcaa828e 1229 - markus@cvs.openbsd.org 2001/04/22 13:41:02
1230 [ssh-keygen.1 ssh-keygen.c]
1231 style, noted by stevesk; sort flags in usage
a3626e12 1232
df841692 123320010421
1234 - OpenBSD CVS Sync
1235 - djm@cvs.openbsd.org 2001/04/20 07:17:51
1236 [clientloop.c ssh.1]
1237 Split out and improve escape character documentation, mention ~R in
1238 ~? help text; ok markus@
0e7e0abe 1239 - Update RPM spec files for CVS version.h
1ddee76b 1240 - (stevesk) set the default PAM service name to __progname instead
1241 of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
4b28be2c 1242 - (stevesk) document PAM service name change in INSTALL
13dd877b 1243 - tim@mindrot.org 2001/04/21 14:25:57 [Makefile.in configure.in]
1244 fix perl test, fix nroff test, fix Makefile to build outside source tree
df841692 1245
05cc0c99 124620010420
68fa858a 1247 - OpenBSD CVS Sync
05cc0c99 1248 - ian@cvs.openbsd.org 2001/04/18 16:21:05
68fa858a 1249 [ssh-keyscan.1]
1250 Fix typo reported in PR/1779
1251 - markus@cvs.openbsd.org 2001/04/18 21:57:42
1252 [readpass.c ssh-add.c]
561e5254 1253 call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
68fa858a 1254 - markus@cvs.openbsd.org 2001/04/18 22:03:45
1255 [auth2.c sshconnect2.c]
f98c3421 1256 use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
57a5edd8 1257 - markus@cvs.openbsd.org 2001/04/18 22:48:26
68fa858a 1258 [auth2.c]
1259 no longer const
1260 - markus@cvs.openbsd.org 2001/04/18 23:43:26
1261 [auth2.c compat.c sshconnect2.c]
1262 more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
8dddf799 1263 (however the 2.1.0 server seems to work only if debug is enabled...)
ae88ea7e 1264 - markus@cvs.openbsd.org 2001/04/18 23:44:51
68fa858a 1265 [authfile.c]
1266 error->debug; noted by fries@
1267 - markus@cvs.openbsd.org 2001/04/19 00:05:11
1268 [auth2.c]
1269 use local variable, no function call needed.
5cf13595 1270 (btw, hostbased works now with ssh.com >= 2.0.13)
431a2493 1271 - (bal) Put scp-common.h back into scp.c (it exists in the upstream
1272 tree) pointed out by Tom Holroyd <tomh@po.crl.go.jp>
05cc0c99 1273
e78e738a 127420010418
68fa858a 1275 - OpenBSD CVS Sync
e78e738a 1276 - markus@cvs.openbsd.org 2001/04/17 19:34:25
3a83b819 1277 [session.c]
1278 move auth_approval to do_authenticated().
1279 do_child(): nuke hostkeys from memory
1280 don't source .ssh/rc for subsystems.
1281 - markus@cvs.openbsd.org 2001/04/18 14:15:00
1282 [canohost.c]
1283 debug->debug3
ce2af031 1284 - (bal) renabled 'catman-do:' and fixed it. So now catman pages should
1285 be working again.
e0c4d3ac 1286 - (bal) Makfile day... Cleaned up multiple mantype support (Patch by
1287 Mark D. Roth <roth+openssh@feep.net>), and fixed PIDDIR support.
3a83b819 1288
8c6b78e4 128920010417
1290 - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
6d165a89 1291 and temporary commented out 'catman-do:' since it is broken. Patches
8c6b78e4 1292 for the first two by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
a88b7b57 1293 - OpenBSD CVS Sync
53b8fe68 1294 - deraadt@cvs.openbsd.org 2001/04/16 08:26:04
1295 [key.c]
1296 better safe than sorry in later mods; yongari@kt-is.co.kr
1297 - markus@cvs.openbsd.org 2001/04/17 08:14:01
1298 [sshconnect1.c]
1299 check for key!=NULL, thanks to costa
1300 - markus@cvs.openbsd.org 2001/04/17 09:52:48
1301 [clientloop.c]
cf6bc93c 1302 handle EINTR/EAGAIN on read; ok deraadt@
53b8fe68 1303 - markus@cvs.openbsd.org 2001/04/17 10:53:26
1304 [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
e961a8f9 1305 add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
53b8fe68 1306 - markus@cvs.openbsd.org 2001/04/17 12:55:04
1307 [channels.c ssh.c]
1308 undo socks5 and https support since they are not really used and
1309 only bloat ssh. remove -D from usage(), since '-D' is experimental.
1310
e4664c3e 131120010416
1312 - OpenBSD CVS Sync
1313 - stevesk@cvs.openbsd.org 2001/04/15 01:35:22
1314 [ttymodes.c]
1315 fix comments
ec1f12d3 1316 - markus@cvs.openbsd.org 2001/04/15 08:43:47
1317 [dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
1318 some unused variable and typos; from tomh@po.crl.go.jp
58cfa257 1319 - markus@cvs.openbsd.org 2001/04/15 16:58:03
1320 [authfile.c ssh-keygen.c sshd.c]
1321 don't use errno for key_{load,save}_private; discussion w/ solar@openwall
e968270c 1322 - markus@cvs.openbsd.org 2001/04/15 17:16:00
1323 [clientloop.c]
1324 set stdin/out/err to nonblocking in SSH proto 1, too. suggested by ho@
1325 should fix some of the blocking problems for rsync over SSH-1
84fc17bf 1326 - stevesk@cvs.openbsd.org 2001/04/15 19:41:21
1327 [sshd.8]
1328 some ClientAlive cleanup; ok markus@
b7c70970 1329 - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
1330 [readconf.c servconf.c]
1331 use fatal() or error() vs. fprintf(); ok markus@
5d97cfbf 1332 - (djm) Convert mandoc manpages to man automatically. Patch from Mark D.
1333 Roth <roth+openssh@feep.net>
6023325e 1334 - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
47b53518 1335 - (djm) OpenBSD CVS Sync
1336 - mouring@cvs.openbsd.org 2001/04/16 02:31:44
1337 [scp.c sftp.c]
1338 IPv6 support for sftp (which I bungled in my last patch) which is
1339 borrowed from scp.c. Thanks to Markus@ for pointing it out.
764291b3 1340 - deraadt@cvs.openbsd.org 2001/04/16 08:05:34
1341 [xmalloc.c]
1342 xrealloc dealing with ptr == nULL; mouring
f2c2fd71 1343 - djm@cvs.openbsd.org 2001/04/16 08:19:31
1344 [session.c]
68fa858a 1345 Split motd and hushlogin checks into seperate functions, helps for
f2c2fd71 1346 portable. From Chris Adams <cmadams@hiwaay.net>; ok markus@
68fa858a 1347 - Fix OSF SIA support displaying too much information for quiet
1348 logins and logins where access was denied by SIA. Patch from Chris Adams
c96a4aaf 1349 <cmadams@hiwaay.net>
e4664c3e 1350
f03228b1 135120010415
1352 - OpenBSD CVS Sync
1353 - deraadt@cvs.openbsd.org 2001/04/14 04:31:01
1354 [ssh-add.c]
1355 do not double free
9cf972fa 1356 - markus@cvs.openbsd.org 2001/04/14 16:17:14
1357 [channels.c]
1358 remove some channels that are not appropriate for keepalive.
eae942e2 1359 - markus@cvs.openbsd.org 2001/04/14 16:27:57
1360 [ssh-add.c]
1361 use clear_pass instead of xfree()
30dcc918 1362 - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
1363 [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
1364 protocol 2 tty modes support; ok markus@
36967a16 1365 - stevesk@cvs.openbsd.org 2001/04/14 17:04:42
1366 [scp.c]
1367 'T' handling rcp/scp sync; ok markus@
e4664c3e 1368 - Missed sshtty.[ch] in Sync.
f03228b1 1369
e400a640 137020010414
1371 - Sync with OpenBSD glob.c, strlcat.c and vis.c changes
68fa858a 1372 - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen
fe56c12b 1373 <vinschen@redhat.com>
3ffc6336 1374 - OpenBSD CVS Sync
1375 - beck@cvs.openbsd.org 2001/04/13 22:46:54
1376 [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
1377 Add options ClientAliveInterval and ClientAliveCountMax to sshd.
1378 This gives the ability to do a "keepalive" via the encrypted channel
1379 which can't be spoofed (unlike TCP keepalives). Useful for when you want
1380 to use ssh connections to authenticate people for something, and know
1381 relatively quickly when they are no longer authenticated. Disabled
1382 by default (of course). ok markus@
e400a640 1383
cc44f691 138420010413
68fa858a 1385 - OpenBSD CVS Sync
1386 - markus@cvs.openbsd.org 2001/04/12 14:29:09
1387 [ssh.c]
1388 show debug output during option processing, report from
cc44f691 1389 pekkas@netcore.fi
8002af61 1390 - markus@cvs.openbsd.org 2001/04/12 19:15:26
68fa858a 1391 [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
1392 compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
1393 servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
8002af61 1394 sshconnect2.c sshd_config]
1395 implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
1396 similar to RhostRSAAuthentication unless you enable (the experimental)
1397 HostbasedUsesNameFromPacketOnly option. please test. :)
0140e66a 1398 - markus@cvs.openbsd.org 2001/04/12 19:39:27
1399 [readconf.c]
1400 typo
2d2a2c65 1401 - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
1402 [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
1403 robust port validation; ok markus@ jakob@
edeeab1e 1404 - mouring@cvs.openbsd.org 2001/04/12 23:17:54
1405 [sftp-int.c sftp-int.h sftp.1 sftp.c]
1406 Add support for:
1407 sftp [user@]host[:file [file]] - Fetch remote file(s)
1408 sftp [user@]host[:dir[/]] - Start in remote dir/
1409 OK deraadt@
57aa8961 1410 - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
1411 [ssh.c]
1412 missing \n in error message
96f8b59f 1413 - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
1414 lack it.
cc44f691 1415
28b9cb4d 141620010412
68fa858a 1417 - OpenBSD CVS Sync
28b9cb4d 1418 - markus@cvs.openbsd.org 2001/04/10 07:46:58
68fa858a 1419 [channels.c]
1420 cleanup socks4 handling
1421 - itojun@cvs.openbsd.org 2001/04/10 09:13:22
c0ecc314 1422 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
68fa858a 1423 document id_rsa{.pub,}. markus ok
070adba2 1424 - markus@cvs.openbsd.org 2001/04/10 12:15:23
68fa858a 1425 [channels.c]
1426 debug cleanup
45a2e669 1427 - djm@cvs.openbsd.org 2001/04/11 07:06:22
1428 [sftp-int.c]
1429 'mget' and 'mput' aliases; ok markus@
6031af8d 1430 - markus@cvs.openbsd.org 2001/04/11 10:59:01
1431 [ssh.c]
1432 use strtol() for ports, thanks jakob@
6683b40f 1433 - markus@cvs.openbsd.org 2001/04/11 13:56:13
1434 [channels.c ssh.c]
1435 https-connect and socks5 support. i feel so bad.
ff14faf1 1436 - lebel@cvs.openbsd.org 2001/04/11 16:25:30
1437 [sshd.8 sshd.c]
1438 implement the -e option into sshd:
1439 -e When this option is specified, sshd will send the output to the
1440 standard error instead of the system log.
1441 markus@ OK.
28b9cb4d 1442
0a85ab61 144320010410
1444 - OpenBSD CVS Sync
1445 - deraadt@cvs.openbsd.org 2001/04/08 20:52:55
1446 [sftp.c]
1447 do not modify an actual argv[] entry
b2ae83b8 1448 - stevesk@cvs.openbsd.org 2001/04/08 23:28:27
1449 [sshd.8]
1450 spelling
317611b5 1451 - stevesk@cvs.openbsd.org 2001/04/09 00:42:05
1452 [sftp.1]
1453 spelling
a8666d84 1454 - markus@cvs.openbsd.org 2001/04/09 15:12:23
1455 [ssh-add.c]
1456 passphrase caching: ssh-add tries last passphrase, clears passphrase if
1457 not successful and after last try.
1458 based on discussions with espie@, jakob@, ... and code from jakob@ and
1459 wolfgang@wsrcc.com
49ae4185 1460 - markus@cvs.openbsd.org 2001/04/09 15:19:49
1461 [ssh-add.1]
1462 ssh-add retries the last passphrase...
b8a297f1 1463 - stevesk@cvs.openbsd.org 2001/04/09 18:00:15
1464 [sshd.8]
1465 ListenAddress mandoc from aaron@
0a85ab61 1466
6e9944b8 146720010409
febd3f8e 1468 - (stevesk) use setresgid() for setegid() if needed
26de7942 1469 - (stevesk) configure.in: typo
6e9944b8 1470 - OpenBSD CVS Sync
1471 - stevesk@cvs.openbsd.org 2001/04/08 16:01:36
1472 [sshd.8]
1473 document ListenAddress addr:port
d64050ef 1474 - markus@cvs.openbsd.org 2001/04/08 13:03:00
1475 [ssh-add.c]
1476 init pointers with NULL, thanks to danimal@danimal.org
d0a4c20b 1477 - markus@cvs.openbsd.org 2001/04/08 11:27:33
1478 [clientloop.c]
1479 leave_raw_mode if ssh2 "session" is closed
63bd8c36 1480 - markus@cvs.openbsd.org 2001/04/06 21:00:17
1481 [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
1482 ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
1483 do gid/groups-swap in addition to uid-swap, should help if /home/group
1484 is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
1485 to olar@openwall.com is comments. we had many requests for this.
0490e609 1486 - markus@cvs.openbsd.org 2001/04/07 08:55:18
1487 [buffer.c channels.c channels.h readconf.c ssh.c]
68fa858a 1488 allow the ssh client act as a SOCKS4 proxy (dynamic local
1489 portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
1490 thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
0490e609 1491 netscape use localhost:1080 as a socks proxy.
d98d029a 1492 - markus@cvs.openbsd.org 2001/04/08 11:24:33
1493 [uidswap.c]
1494 KNF
6e9944b8 1495
d9d49fdb 149620010408
1497 - OpenBSD CVS Sync
1498 - stevesk@cvs.openbsd.org 2001/04/06 22:12:47
1499 [hostfile.c]
1500 unused; typo in comment
d11c1288 1501 - stevesk@cvs.openbsd.org 2001/04/06 22:25:25
1502 [servconf.c]
1503 in addition to:
1504 ListenAddress host|ipv4_addr|ipv6_addr
1505 permit:
1506 ListenAddress [host|ipv4_addr|ipv6_addr]:port
1507 ListenAddress host|ipv4_addr:port
1508 sshd.8 updates coming. ok markus@
d9d49fdb 1509
613fc910 151020010407
1511 - (bal) CVS ID Resync of version.h
cc94bd38 1512 - OpenBSD CVS Sync
1513 - markus@cvs.openbsd.org 2001/04/05 23:39:20
1514 [serverloop.c]
1515 keep the ssh session even if there is no active channel.
1516 this is more in line with the protocol spec and makes
1517 ssh -N -L 1234:server:110 host
1518 more useful.
1519 based on discussion with <mats@mindbright.se> long time ago
1520 and recent mail from <res@shore.net>
0fc791ba 1521 - deraadt@cvs.openbsd.org 2001/04/06 16:46:59
1522 [scp.c]
1523 remove trailing / from source paths; fixes pr#1756
68fa858a 1524
63f7e231 152520010406
1526 - (stevesk) logintest.c: fix for systems without __progname
72170131 1527 - (stevesk) Makefile.in: log.o is in libssh.a
d8a2f554 1528 - OpenBSD CVS Sync
1529 - markus@cvs.openbsd.org 2001/04/05 10:00:06
1530 [compat.c]
1531 2.3.x does old GEX, too; report jakob@
6ba22c93 1532 - markus@cvs.openbsd.org 2001/04/05 10:39:03
1533 [compress.c compress.h packet.c]
1534 reset compress state per direction when rekeying.
3667ba79 1535 - markus@cvs.openbsd.org 2001/04/05 10:39:48
1536 [version.h]
1537 temporary version 2.5.4 (supports rekeying).
1538 this is not an official release.
cd332296 1539 - markus@cvs.openbsd.org 2001/04/05 10:42:57
68fa858a 1540 [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
1541 mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
1542 sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
cd332296 1543 sshconnect2.c sshd.c]
1544 fix whitespace: unexpand + trailing spaces.
255cfda1 1545 - markus@cvs.openbsd.org 2001/04/05 11:09:17
1546 [clientloop.c compat.c compat.h]
1547 add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
b4a19d21 1548 - markus@cvs.openbsd.org 2001/04/05 15:45:43
1549 [ssh.1]
1550 ssh defaults to protocol v2; from quisar@quisar.ambre.net
46e3af7f 1551 - stevesk@cvs.openbsd.org 2001/04/05 15:48:18
1552 [canohost.c canohost.h session.c]
1553 move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
54506d2e 1554 - markus@cvs.openbsd.org 2001/04/05 20:01:10
1555 [clientloop.c]
1556 for ~R print message if server does not support rekeying. (and fix ~R).
b37caf1a 1557 - markus@cvs.openbsd.org 2001/04/05 21:02:46
1558 [buffer.c]
1559 better error message
eb0dd41f 1560 - markus@cvs.openbsd.org 2001/04/05 21:05:24
1561 [clientloop.c ssh.c]
1562 don't request a session for 'ssh -N', pointed out slade@shore.net
63f7e231 1563
d8ee838b 156420010405
68fa858a 1565 - OpenBSD CVS Sync
1566 - markus@cvs.openbsd.org 2001/04/04 09:48:35
d8ee838b 1567 [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
68fa858a 1568 don't sent multiple kexinit-requests.
1569 send newkeys, block while waiting for newkeys.
1570 fix comments.
1571 - markus@cvs.openbsd.org 2001/04/04 14:34:58
1572 [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
1573 enable server side rekeying + some rekey related clientup.
7a37c112 1574 todo: we should not send any non-KEX messages after we send KEXINIT
5adb303f 1575 - markus@cvs.openbsd.org 2001/04/04 15:50:55
1576 [compat.c]
1577 f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
c422989b 1578 - markus@cvs.openbsd.org 2001/04/04 20:25:38
68fa858a 1579 [channels.c channels.h clientloop.c kex.c kex.h serverloop.c
c422989b 1580 sshconnect2.c sshd.c]
1581 more robust rekeying
1582 don't send channel data after rekeying is started.
0715ec6c 1583 - markus@cvs.openbsd.org 2001/04/04 20:32:56
1584 [auth2.c]
1585 we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
bbb4cc1b 1586 - markus@cvs.openbsd.org 2001/04/04 22:04:35
1587 [kex.c kexgex.c serverloop.c]
1588 parse full kexinit packet.
1589 make server-side more robust, too.
a7ca6275 1590 - markus@cvs.openbsd.org 2001/04/04 23:09:18
1591 [dh.c kex.c packet.c]
1592 clear+free keys,iv for rekeying.
1593 + fix DH mem leaks. ok niels@
86c9e193 1594 - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes
1595 BROKEN_VHANGUP
d8ee838b 1596
9d451c5a 159720010404
1598 - OpenBSD CVS Sync
1599 - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
1600 [ssh-agent.1]
1601 grammar; slade@shore.net
894c5fa6 1602 - stevesk@cvs.openbsd.org 2001/04/03 13:56:11
1603 [sftp-glob.c ssh-agent.c ssh-keygen.c]
1604 free() -> xfree()
a5c9ffdb 1605 - markus@cvs.openbsd.org 2001/04/03 19:53:29
1606 [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
1607 move kex to kex*.c, used dispatch_set() callbacks for kex. should
1608 make rekeying easier.
3463ff28 1609 - todd@cvs.openbsd.org 2001/04/03 21:19:38
1610 [ssh_config]
1611 id_rsa1/2 -> id_rsa; ok markus@
d1ac6175 1612 - markus@cvs.openbsd.org 2001/04/03 23:32:12
1613 [kex.c kex.h packet.c sshconnect2.c sshd.c]
1614 undo parts of recent my changes: main part of keyexchange does not
1615 need dispatch-callbacks, since application data is delayed until
1616 the keyexchange completes (if i understand the drafts correctly).
1617 add some infrastructure for re-keying.
e092ce67 1618 - markus@cvs.openbsd.org 2001/04/04 00:06:54
1619 [clientloop.c sshconnect2.c]
1620 enable client rekeying
1621 (1) force rekeying with ~R, or
1622 (2) if the server requests rekeying.
1623 works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
0bc35151 1624 - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync.
9d451c5a 1625
672f212f 162620010403
1627 - OpenBSD CVS Sync
1628 - stevesk@cvs.openbsd.org 2001/04/02 14:15:31
1629 [sshd.8]
1630 typo; ok markus@
6be9a5e8 1631 - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
1632 [readconf.c servconf.c]
1633 correct comment; ok markus@
fe39c3df 1634 - (stevesk) nchan.c: remove ostate checks and add EINVAL to
1635 shutdown(SHUT_RD) error() bypass for HP-UX.
672f212f 1636
0be033ea 163720010402
1638 - (stevesk) log.c openbsd sync; missing newlines
5d9e4c8d 1639 - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H
0be033ea 1640
b7a2a476 164120010330
1642 - (djm) Another openbsd-compat/glob.c sync
4047d868 1643 - (djm) OpenBSD CVS Sync
1644 - provos@cvs.openbsd.org 2001/03/28 21:59:41
1645 [kex.c kex.h sshconnect2.c sshd.c]
1646 forgot to include min and max params in hash, okay markus@
c8682232 1647 - provos@cvs.openbsd.org 2001/03/28 22:04:57
1648 [dh.c]
1649 more sanity checking on primes file
d9cd3575 1650 - markus@cvs.openbsd.org 2001/03/28 22:43:31
1651 [auth.h auth2.c auth2-chall.c]
1652 check auth_root_allowed for kbd-int auth, too.
86b878d5 1653 - provos@cvs.openbsd.org 2001/03/29 14:24:59
1654 [sshconnect2.c]
1655 use recommended defaults
1ad64a93 1656 - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
1657 [sshconnect2.c sshd.c]
1658 need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
03b8f8be 1659 - markus@cvs.openbsd.org 2001/03/29 21:17:40
1660 [dh.c dh.h kex.c kex.h]
1661 prepare for rekeying: move DH code to dh.c
76ca7b01 1662 - djm@cvs.openbsd.org 2001/03/29 23:42:01
1663 [sshd.c]
1664 Protocol 1 key regeneration log => verbose, some KNF; ok markus@
b7a2a476 1665
01ce749f 166620010329
1667 - OpenBSD CVS Sync
1668 - stevesk@cvs.openbsd.org 2001/03/26 15:47:59
1669 [ssh.1]
1670 document more defaults; misc. cleanup. ok markus@
569807fb 1671 - markus@cvs.openbsd.org 2001/03/26 23:12:42
1672 [authfile.c]
1673 KNF
457fc0c6 1674 - markus@cvs.openbsd.org 2001/03/26 23:23:24
1675 [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
1676 try to read private f-secure ssh v2 rsa keys.
1a92bd7e 1677 - markus@cvs.openbsd.org 2001/03/27 10:34:08
1678 [ssh-rsa.c sshd.c]
1679 use EVP_get_digestbynid, reorder some calls and fix missing free.
a4da628b 1680 - markus@cvs.openbsd.org 2001/03/27 10:57:00
1681 [compat.c compat.h ssh-rsa.c]
1682 some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
1683 signatures in SSH protocol 2, ok djm@
db1cd2f3 1684 - provos@cvs.openbsd.org 2001/03/27 17:46:50
1685 [compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
1686 make dh group exchange more flexible, allow min and max group size,
1687 okay markus@, deraadt@
e5ff6ecf 1688 - stevesk@cvs.openbsd.org 2001/03/28 19:56:23
1689 [scp.c]
1690 start to sync scp closer to rcp; ok markus@
03cb2621 1691 - stevesk@cvs.openbsd.org 2001/03/28 20:04:38
1692 [scp.c]
1693 usage more like rcp and add missing -B to usage; ok markus@
563834bb 1694 - markus@cvs.openbsd.org 2001/03/28 20:50:45
1695 [sshd.c]
1696 call refuse() before close(); from olemx@ans.pl
01ce749f 1697
b5b68128 169820010328
68fa858a 1699 - (djm) Reorder tests and library inclusion for Krb4/AFS to try to
1700 resolve linking conflicts with libcrypto. Report and suggested fix
b5b68128 1701 from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
edbe6722 1702 - (djm) Work around Solaris' broken struct dirent. Diagnosis and suggested
1703 fix from Philippe Levan <levan@epix.net>
cccfea16 1704 - (djm) Rework krbIV tests to get us closer to building on Redhat. Still
1705 doesn't work because of conflicts between krbIV's and OpenSSL's des.h
8d0cc79b 1706 - (djm) Sync openbsd-compat/glob.c
b5b68128 1707
0c90b590 170820010327
1709 - Attempt sync with sshlogin.c w/ OpenBSD (mainly CVS ID)
68fa858a 1710 - Fix pointer issues in waitpid() and wait() replaces. Patch by Lutz
60a8683f 1711 Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
690d0d7f 1712 - OpenBSD CVS Sync
1713 - djm@cvs.openbsd.org 2001/03/25 00:01:34
1714 [session.c]
1715 shorten; ok markus@
4f4648f9 1716 - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
1717 [servconf.c servconf.h session.c sshd.8 sshd_config]
1718 PrintLastLog option; from chip@valinux.com with some minor
1719 changes by me. ok markus@
9afbfcfa 1720 - markus@cvs.openbsd.org 2001/03/26 08:07:09
68fa858a 1721 [authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
9afbfcfa 1722 sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
1723 simpler key load/save interface, see authfile.h
68fa858a 1724 - (djm) Reestablish PAM credentials (which can be supplemental group
9afbfcfa 1725 memberships) after initgroups() blows them away. Report and suggested
1726 fix from Nalin Dahyabhai <nalin@redhat.com>
0c90b590 1727
b567a40c 172820010324
1729 - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
80cd07ae 1730 - OpenBSD CVS Sync
1731 - djm@cvs.openbsd.org 2001/03/23 11:04:07
1732 [compat.c compat.h sshconnect2.c sshd.c]
1733 Compat for OpenSSH with broken Rijndael/AES. ok markus@
7af9f7f8 1734 - markus@cvs.openbsd.org 2001/03/23 12:02:49
1735 [auth1.c]
1736 authctxt is now passed to do_authenticated
e285053e 1737 - markus@cvs.openbsd.org 2001/03/23 13:10:57
1738 [sftp-int.c]
1739 fix put, upload to _absolute_ path, ok djm@
1d3c30db 1740 - markus@cvs.openbsd.org 2001/03/23 14:28:32
1741 [session.c sshd.c]
1742 ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
8ca3f6dc 1743 - (djm) Pull out our own SIGPIPE hacks
b567a40c 1744
8a169574 174520010323
68fa858a 1746 - OpenBSD CVS Sync
8a169574 1747 - deraadt@cvs.openbsd.org 2001/03/22 20:22:55
68fa858a 1748 [sshd.c]
1749 do not place linefeeds in buffer
8a169574 1750
ee110bfb 175120010322
1752 - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
289ba62e 1753 - (bal) version.c CVS ID resync
a5b09902 1754 - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
1755 resync
ae7242ef 1756 - (bal) scp.c CVS ID resync
3e587cc3 1757 - OpenBSD CVS Sync
1758 - markus@cvs.openbsd.org 2001/03/20 19:10:16
1759 [readconf.c]
1760 default to SSH protocol version 2
e5d7a405 1761 - markus@cvs.openbsd.org 2001/03/20 19:21:21
1762 [session.c]
1763 remove unused arg
39f7530f 1764 - markus@cvs.openbsd.org 2001/03/20 19:21:21
1765 [session.c]
1766 remove unused arg
bb5639fe 1767 - markus@cvs.openbsd.org 2001/03/21 11:43:45
1768 [auth1.c auth2.c session.c session.h]
1769 merge common ssh v1/2 code
5e7cb456 1770 - jakob@cvs.openbsd.org 2001/03/21 14:20:45
1771 [ssh-keygen.c]
1772 add -B flag to usage
ca4df544 1773 - markus@cvs.openbsd.org 2001/03/21 21:06:30
1774 [session.c]
1775 missing init; from mib@unimelb.edu.au
ee110bfb 1776
f5f6020e 177720010321
68fa858a 1778 - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
f5f6020e 1779 VanDevender <stevev@darkwing.uoregon.edu>
37eadb90 1780 - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
1781 from Solar Designer <solar@openwall.com>
0a3700ee 1782 - (djm) Don't loop forever when changing password via PAM. Patch
1783 from Solar Designer <solar@openwall.com>
0c13ffa2 1784 - (djm) Generate config files before build
7a7101ec 1785 - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
1786 suggested fix from Mike Battersby <mib@unimelb.edu.au>
f5f6020e 1787
8d539493 178820010320
01022caf 1789 - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
1790 - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
1620233b 1791 - (bal) Oops. Missed globc.h change (OpenBSD CVS).
614dee3a 1792 - (djm) OpenBSD CVS Sync
1793 - markus@cvs.openbsd.org 2001/03/19 17:07:23
1794 [auth.c readconf.c]
1795 undo /etc/shell and proto 2,1 change for openssh-2.5.2
3dd16786 1796 - markus@cvs.openbsd.org 2001/03/19 17:12:10
1797 [version.h]
1798 version 2.5.2
ea44783f 1799 - (djm) Update RPM spec version
1800 - (djm) Release 2.5.2p1
3743cc2f 1801- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
1802 change S_ISLNK macro to work for UnixWare 2.03
9887f269 1803- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
1804 add get_arg_max(). Use sysconf() if ARG_MAX is not defined
8d539493 1805
e339aa53 180620010319
68fa858a 1807 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
e339aa53 1808 do it implicitly.
7cdb79d4 1809 - (djm) Add getusershell() functions from OpenBSD CVS
b1ed8313 1810 - OpenBSD CVS Sync
1811 - markus@cvs.openbsd.org 2001/03/18 12:07:52
1812 [auth-options.c]
1813 ignore permitopen="host:port" if AllowTcpForwarding==no
f8f230bf 1814 - (djm) Make scp work on systems without 64-bit ints
2538ecf1 1815 - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
1816 move HAVE_LONG_LONG_INT where it works
d1581d5f 1817 - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
107628c0 1818 stuff. Change suggested by Mark Miller <markm@swoon.net>
d1581d5f 1819 - (bal) Small fix to scp. %lu vs %ld
68fa858a 1820 - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
bb6da70f 1821 - (djm) OpenBSD CVS Sync
1822 - djm@cvs.openbsd.org 2001/03/19 03:52:51
1823 [sftp-client.c]
1824 Report ssh connection closing correctly; ok deraadt@
3a1c54d4 1825 - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
1826 [compat.c compat.h sshd.c]
68fa858a 1827 specifically version match on ssh scanners. do not log scan
3a1c54d4 1828 information to the console
dc504afd 1829 - djm@cvs.openbsd.org 2001/03/19 12:10:17
db4d3098 1830 [sshd.8]
dc504afd 1831 Document permitopen authorized_keys option; ok markus@
babd91d4 1832 - djm@cvs.openbsd.org 2001/03/19 05:49:52
1833 [ssh.1]
1834 document PreferredAuthentications option; ok markus@
05c64611 1835 - (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
e339aa53 1836
ec0ad9c2 183720010318
68fa858a 1838 - (bal) Fixed scp type casing issue which causes "scp: protocol error:
ec0ad9c2 1839 size not delimited" fatal errors when tranfering.
5cc8d4ad 1840 - OpenBSD CVS Sync
1841 - markus@cvs.openbsd.org 2001/03/17 17:27:59
1842 [auth.c]
1843 check /etc/shells, too
7411201c 1844 - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
1845 openbsd-compat/fake-regex.h
ec0ad9c2 1846
8a968c25 184720010317
68fa858a 1848 - Support usrinfo() on AIX. Based on patch from Gert Doering
8a968c25 1849 <gert@greenie.muc.de>
bf1d27bd 1850 - OpenBSD CVS Sync
1851 - markus@cvs.openbsd.org 2001/03/15 15:05:59
1852 [scp.c]
1853 use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
56b3e9ce 1854 - markus@cvs.openbsd.org 2001/03/15 22:07:08
1855 [session.c]
1856 pass Session to do_child + KNF
d50d9b63 1857 - djm@cvs.openbsd.org 2001/03/16 08:16:18
1858 [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
1859 Revise globbing for get/put to be more shell-like. In particular,
1860 "get/put file* directory/" now works. ok markus@
f55d1b5f 1861 - markus@cvs.openbsd.org 2001/03/16 09:55:53
1862 [sftp-int.c]
1863 fix memset and whitespace
6a8496e4 1864 - markus@cvs.openbsd.org 2001/03/16 13:44:24
1865 [sftp-int.c]
1866 discourage strcat/strcpy
01794848 1867 - markus@cvs.openbsd.org 2001/03/16 19:06:30
1868 [auth-options.c channels.c channels.h serverloop.c session.c]
1869 implement "permitopen" key option, restricts -L style forwarding to
1870 to specified host:port pairs. based on work by harlan@genua.de
68fa858a 1871 - Check for gl_matchc support in glob_t and fall back to the
40849fdb 1872 openbsd-compat/glob.[ch] support if it does not exist.
8a968c25 1873
4cb5d598 187420010315
1875 - OpenBSD CVS Sync
1876 - markus@cvs.openbsd.org 2001/03/14 08:57:14
1877 [sftp-client.c]
1878 Wall
85cf5827 1879 - markus@cvs.openbsd.org 2001/03/14 15:15:58
1880 [sftp-int.c]
1881 add version command
61b3a2bc 1882 - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
1883 [sftp-server.c]
1884 note no getopt()
51e2fc8f 1885 - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
68fa858a 1886 - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
4cb5d598 1887
acc9d6d7 188820010314
1889 - OpenBSD CVS Sync
85cf5827 1890 - markus@cvs.openbsd.org 2001/03/13 17:34:42
1891 [auth-options.c]
1892 missing xfree, deny key on parse error; ok stevesk@
1893 - djm@cvs.openbsd.org 2001/03/13 22:42:54
1894 [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
1895 sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
84ceda19 1896 - (bal) Fix strerror() in bsd-misc.c
1897 - (djm) Add replacement glob() from OpenBSD libc if the system glob is
1898 missing or lacks the GLOB_ALTDIRFUNC extension
68fa858a 1899 - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
84ceda19 1900 relatively. Avoids conflict between glob.h and /usr/include/glob.h
acc9d6d7 1901
22138a36 190220010313
1903 - OpenBSD CVS Sync
1904 - markus@cvs.openbsd.org 2001/03/12 22:02:02
1905 [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
1906 remove old key_fingerprint interface, s/_ex//
1907
539af7f5 190820010312
1909 - OpenBSD CVS Sync
1910 - markus@cvs.openbsd.org 2001/03/11 13:25:36
1911 [auth2.c key.c]
1912 debug
301e8e5b 1913 - jakob@cvs.openbsd.org 2001/03/11 15:03:16
1914 [key.c key.h]
1915 add improved fingerprint functions. based on work by Carsten
1916 Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
954f0550 1917 - jakob@cvs.openbsd.org 2001/03/11 15:04:16
1918 [ssh-keygen.1 ssh-keygen.c]
1919 print both md5, sha1 and bubblebabble fingerprints when using
1920 ssh-keygen -l -v. ok markus@.
08345971 1921 - jakob@cvs.openbsd.org 2001/03/11 15:13:09
1922 [key.c]
1923 cleanup & shorten some var names key_fingerprint_bubblebabble.
64b1aa3b 1924 - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
1925 [ssh-keygen.c]
1926 KNF, and SHA1 binary output is just creeping featurism
733cf7f4 1927 - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
1928 test if snprintf() supports %ll
1929 add /dev to search path for PRNGD/EGD socket
1930 fix my mistake in USER_PATH test program
79c9ac1b 1931 - OpenBSD CVS Sync
1932 - markus@cvs.openbsd.org 2001/03/11 18:29:51
1933 [key.c]
1934 style+cleanup
aaf45d87 1935 - markus@cvs.openbsd.org 2001/03/11 22:33:24
1936 [ssh-keygen.1 ssh-keygen.c]
1937 remove -v again. use -B instead for bubblebabble. make -B consistent
1938 with -l and make -B work with /path/to/known_hosts. ok deraadt@
a0322342 1939 - (djm) Bump portable version number for generating test RPMs
94dd09e3 1940 - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
68fa858a 1941 - (bal) Reorder includes in Makefile.
539af7f5 1942
d156519a 194320010311
1944 - OpenBSD CVS Sync
1945 - markus@cvs.openbsd.org 2001/03/10 12:48:27
1946 [sshconnect2.c]
1947 ignore nonexisting private keys; report rjmooney@mediaone.net
5e36d59c 1948 - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
1949 [readconf.c ssh_config]
1950 default to SSH2, now that m68k runs fast
2f778758 1951 - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
1952 [ttymodes.c ttymodes.h]
1953 remove unused sgtty macros; ok markus@
99c415db 1954 - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
1955 [compat.c compat.h sshconnect.c]
1956 all known netscreen ssh versions, and older versions of OSU ssh cannot
1957 handle password padding (newer OSU is fixed)
456fce50 1958 - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
1959 make sure $bindir is in USER_PATH so scp will work
cab80f75 1960 - OpenBSD CVS Sync
1961 - markus@cvs.openbsd.org 2001/03/10 17:51:04
1962 [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
1963 add PreferredAuthentications
d156519a 1964
1c9a907f 196520010310
1966 - OpenBSD CVS Sync
1967 - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
1968 [ssh-keygen.c]
68fa858a 1969 create *.pub files with umask 0644, so that you can mv them to
1c9a907f 1970 authorized_keys
cb7bd922 1971 - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
1972 [sshd.c]
1973 typo; slade@shore.net
61cf0e38 1974 - Removed log.o from sftp client. Not needed.
1c9a907f 1975
385590e4 197620010309
1977 - OpenBSD CVS Sync
1978 - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
1979 [auth1.c]
1980 unused; ok markus@
acf06a60 1981 - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
1982 [sftp.1]
1983 spelling, cleanup; ok deraadt@
fee56204 1984 - markus@cvs.openbsd.org 2001/03/08 21:42:33
1985 [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
1986 implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
1987 no need to do enter passphrase or do expensive sign operations if the
1988 server does not accept key).
385590e4 1989
3a7fe5ba 199020010308
1991 - OpenBSD CVS Sync
d5ebca2b 1992 - djm@cvs.openbsd.org 2001/03/07 10:11:23
1993 [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
1994 Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
1995 functions and small protocol change.
1996 - markus@cvs.openbsd.org 2001/03/08 00:15:48
1997 [readconf.c ssh.1]
1998 turn off useprivilegedports by default. only rhost-auth needs
1999 this. older sshd's may need this, too.
097ca118 2000 - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
2001 Dirk Markwardt <D.Markwardt@tu-bs.de>
3a7fe5ba 2002
3251b439 200320010307
2004 - (bal) OpenBSD CVS Sync
2005 - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
2006 [ssh-keyscan.c]
2007 appease gcc
a5ec8a3d 2008 - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
2009 [sftp-int.c sftp.1 sftp.c]
2010 sftp -b batchfile; mouring@etoh.eviladmin.org
17910dce 2011 - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
2012 [sftp.1]
2013 order things
2c86906e 2014 - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
2015 [ssh.1 sshd.8]
2016 the name "secure shell" is boring, noone ever uses it
7daf8515 2017 - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
2018 [ssh.1]
2019 removed dated comment
f52798a4 2020 - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
3251b439 2021
657297ff 202220010306
2023 - (bal) OpenBSD CVS Sync
2024 - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
2025 [sshd.8]
2026 alpha order; jcs@rt.fm
7c8f2a26 2027 - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
2028 [servconf.c]
2029 sync error message; ok markus@
f2ba0775 2030 - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
2031 [myproposal.h ssh.1]
2032 switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
2033 provos & markus ok
7a6c39a3 2034 - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
2035 [sshd.8]
2036 detail default hmac setup too
7de5b06b 2037 - markus@cvs.openbsd.org 2001/03/05 17:17:21
2038 [kex.c kex.h sshconnect2.c sshd.c]
2039 generate a 2*need size (~300 instead of 1024/2048) random private
2040 exponent during the DH key agreement. according to Niels (the great
2041 german advisor) this is safe since /etc/primes contains strong
2042 primes only.
2043
2044 References:
2045 P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
2046 agreement with short exponents, In Advances in Cryptology
2047 - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
a5df12e9 2048 - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
2049 [ssh.1]
2050 more ssh_known_hosts2 documentation; ok markus@
0b2190ee 2051 - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
2052 [dh.c]
2053 spelling
bbc62e59 2054 - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
2055 [authfd.c cli.c ssh-agent.c]
2056 EINTR/EAGAIN handling is required in more cases
c16c7f20 2057 - millert@cvs.openbsd.org 2001/03/06 01:06:03
2058 [ssh-keyscan.c]
2059 Don't assume we wil get the version string all in one read().
2060 deraadt@ OK'd
09cb311c 2061 - millert@cvs.openbsd.org 2001/03/06 01:08:27
2062 [clientloop.c]
2063 If read() fails with EINTR deal with it the same way we treat EAGAIN
657297ff 2064
1a2936c4 206520010305
2066 - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
68fa858a 2067 - (bal) CVS ID touch up on sftp-int.c
e77df335 2068 - (bal) CVS ID touch up on uuencode.c
6cca9fde 2069 - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
778f6940 2070 - (bal) OpenBSD CVS Sync
dcb971e1 2071 - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
2072 [sshd.8]
2073 it's the OpenSSH one
778f6940 2074 - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
2075 [ssh-keyscan.c]
2076 inline -> __inline__, and some indent
81333640 2077 - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
2078 [authfile.c]
2079 improve fd handling
79ddf6db 2080 - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
2081 [sftp-server.c]
2082 careful with & and &&; markus ok
96ee8386 2083 - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
2084 [ssh.c]
2085 -i supports DSA identities now; ok markus@
0c126dc9 2086 - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
2087 [servconf.c]
2088 grammar; slade@shore.net
ed2166d8 2089 - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
2090 [ssh-keygen.1 ssh-keygen.c]
2091 document -d, and -t defaults to rsa1
b07ae1e9 2092 - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
2093 [ssh-keygen.1 ssh-keygen.c]
2094 bye bye -d
e2fccec3 2095 - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
2096 [sshd_config]
2097 activate RSA 2 key
e91c60f2 2098 - markus@cvs.openbsd.org 2001/02/22 21:57:27
2099 [ssh.1 sshd.8]
2100 typos/grammar from matt@anzen.com
3b1a83df 2101 - markus@cvs.openbsd.org 2001/02/22 21:59:44
2102 [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
2103 use pwcopy in ssh.c, too
19d57054 2104 - markus@cvs.openbsd.org 2001/02/23 15:34:53
2105 [serverloop.c]
2106 debug2->3
00be5382 2107 - markus@cvs.openbsd.org 2001/02/23 18:15:13
2108 [sshd.c]
2109 the random session key depends now on the session_key_int
2110 sent by the 'attacker'
2111 dig1 = md5(cookie|session_key_int);
2112 dig2 = md5(dig1|cookie|session_key_int);
2113 fake_session_key = dig1|dig2;
2114 this change is caused by a mail from anakin@pobox.com
2115 patch based on discussions with my german advisor niels@openbsd.org
ec63b02d 2116 - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
2117 [readconf.c]
2118 look for id_rsa by default, before id_dsa
582038fb 2119 - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
2120 [sshd_config]
2121 ssh2 rsa key before dsa key
6e18cb71 2122 - markus@cvs.openbsd.org 2001/02/27 10:35:27
2123 [packet.c]
2124 fix random padding
1b5dfeb2 2125 - markus@cvs.openbsd.org 2001/02/27 11:00:11
2126 [compat.c]
2127 support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
4ab21f86 2128 - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
2129 [misc.c]
2130 pull in protos
167b3512 2131 - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
2132 [sftp.c]
2133 do not kill the subprocess on termination (we will see if this helps
2134 things or hurts things)
7e8911cd 2135 - markus@cvs.openbsd.org 2001/02/28 08:45:39
2136 [clientloop.c]
2137 fix byte counts for ssh protocol v1
ee55dacf 2138 - markus@cvs.openbsd.org 2001/02/28 08:54:55
2139 [channels.c nchan.c nchan.h]
2140 make sure remote stderr does not get truncated.
2141 remove closed fd's from the select mask.
a6215e53 2142 - markus@cvs.openbsd.org 2001/02/28 09:57:07
2143 [packet.c packet.h sshconnect2.c]
2144 in ssh protocol v2 use ignore messages for padding (instead of
2145 trailing \0).
94dfb550 2146 - markus@cvs.openbsd.org 2001/02/28 12:55:07
2147 [channels.c]
2148 unify debug messages
5649fbbe 2149 - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
2150 [misc.c]
2151 for completeness, copy pw_gecos too
0572fe75 2152 - markus@cvs.openbsd.org 2001/02/28 21:21:41
2153 [sshd.c]
2154 generate a fake session id, too
95ce5599 2155 - markus@cvs.openbsd.org 2001/02/28 21:27:48
2156 [channels.c packet.c packet.h serverloop.c]
2157 use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
2158 use random content in ignore messages.
355724fc 2159 - markus@cvs.openbsd.org 2001/02/28 21:31:32
2160 [channels.c]
2161 typo
c3f7d267 2162 - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
2163 [authfd.c]
2164 split line so that p will have an easier time next time around
a01a5f30 2165 - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
2166 [ssh.c]
2167 shorten usage by a line
12bf85ed 2168 - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
2169 [auth-rsa.c auth2.c deattack.c packet.c]
2170 KNF
4371658c 2171 - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
2172 [cli.c cli.h rijndael.h ssh-keyscan.1]
2173 copyright notices on all source files
ce91d6f8 2174 - markus@cvs.openbsd.org 2001/03/01 22:46:37
2175 [ssh.c]
2176 don't truncate remote ssh-2 commands; from mkubita@securities.cz
2177 use min, not max for logging, fixes overflow.
409edaba 2178 - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
2179 [sshd.8]
2180 explain SIGHUP better
b8dc87d3 2181 - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
2182 [sshd.8]
2183 doc the dsa/rsa key pair files
f3c7c613 2184 - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
2185 [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
2186 scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
2187 ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
2188 make copyright lines the same format
2671b47f 2189 - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
2190 [ssh-keyscan.c]
2191 standard theo sweep
ff7fee59 2192 - millert@cvs.openbsd.org 2001/03/03 21:19:41
2193 [ssh-keyscan.c]
2194 Dynamically allocate read_wait and its copies. Since maxfd is
2195 based on resource limits it is often (usually?) larger than FD_SETSIZE.
c8d75031 2196 - millert@cvs.openbsd.org 2001/03/03 21:40:30
2197 [sftp-server.c]
2198 Dynamically allocate fd_set; deraadt@ OK
20e04e90 2199 - millert@cvs.openbsd.org 2001/03/03 21:41:07
2200 [packet.c]
2201 Dynamically allocate fd_set; deraadt@ OK
dce9bac5 2202 - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
2203 [sftp-server.c]
2204 KNF
c630ce76 2205 - markus@cvs.openbsd.org 2001/03/03 23:52:22
2206 [sftp.c]
2207 clean up arg processing. based on work by Christophe_Moret@hp.com
20244695 2208 - markus@cvs.openbsd.org 2001/03/03 23:59:34
2209 [log.c ssh.c]
2210 log*.c -> log.c
61f8a1d1 2211 - markus@cvs.openbsd.org 2001/03/04 00:03:59
2212 [channels.c]
2213 debug1->2
38967add 2214 - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
2215 [ssh.c]
2216 add -m to usage; ok markus@
46f23b8d 2217 - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
2218 [sshd.8]
2219 small cleanup and clarify for PermitRootLogin; ok markus@
9c81df4c 2220 - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
2221 [servconf.c sshd.8]
2222 kill obsolete RandomSeed; ok markus@ deraadt@
f5429434 2223 - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
2224 [sshd.8]
2225 spelling
54b974dc 2226 - millert@cvs.openbsd.org 2001/03/04 17:42:28
2227 [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
2228 ssh.c sshconnect.c sshd.c]
2229 log functions should not be passed strings that end in newline as they
2230 get passed on to syslog() and when logging to stderr, do_log() appends
2231 its own newline.
51c251f0 2232 - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
2233 [sshd.8]
2234 list SSH2 ciphers
2605addd 2235 - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
164c80dc 2236 - (bal) Fix up logging since it changed. removed log-*.c
cc3067d6 2237 - (djm) Fix up LOG_AUTHPRIV for systems that have it
70a052c7 2238 - (stevesk) OpenBSD sync:
2239 - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
2240 [ssh-keyscan.c]
2241 skip inlining, why bother
5152d46f 2242 - (stevesk) sftp.c: handle __progname
1a2936c4 2243
40edd7ef 224420010304
2245 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
889fbcd3 2246 - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
2247 give Mark Roth credit for mdoc2man.pl
40edd7ef 2248
9817de5f 224920010303
40edd7ef 2250 - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
2251 - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
2252 - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
2253 - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
68fa858a 2254 "--with-egd-pool" configure option with "--with-prngd-socket" and
9bdd5929 2255 "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
2256 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
9817de5f 2257
20cad736 225820010301
68fa858a 2259 - (djm) Properly add -lcrypt if needed.
5f404be3 2260 - (djm) Force standard PAM conversation function in a few more places.
68fa858a 2261 Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
5f404be3 2262 <nalin@redhat.com>
68fa858a 2263 - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
480eb294 2264 <vinschen@redhat.com>
ad1f4a20 2265 - (djm) Released 2.5.1p2
20cad736 2266
cf0c5df5 226720010228
2268 - (djm) Detect endianness in configure and use it in rijndael.c. Fixes
2269 "Bad packet length" bugs.
68fa858a 2270 - (djm) Fully revert PAM session patch (again). All PAM session init is
403f5a8e 2271 now done before the final fork().
065ef9b1 2272 - (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
d9b1f19a 2273 - (djm) Remove /tmp from EGD socket search list
cf0c5df5 2274
86b416a7 227520010227
68fa858a 2276 - (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen
51fb577a 2277 <vinschen@redhat.com>
2af09193 2278 - (bal) OpenBSD Sync
2279 - markus@cvs.openbsd.org 2001/02/23 15:37:45
2280 [session.c]
2281 handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
68fa858a 2282 - (bal) sshd.init support for all Redhat release. Patch by Jim Knoble
a892c46e 2283 <jmknoble@jmknoble.cx>
68fa858a 2284 - (djm) Fix up POSIX saved uid support. Report from Mark Miller
f4e9a0e1 2285 <markm@swoon.net>
2286 - (djm) Search for -lcrypt on FreeBSD too
c7c72446 2287 - (djm) fatal() on OpenSSL version mismatch
27cf96de 2288 - (djm) Move PAM init to after fork for non-Solaris derived PAMs
d5c4c52e 2289 - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
2290 <markm@swoon.net>
4bc6dd70 2291 - (djm) Fix PAM fix
4236bde4 2292 - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
2293 change is being made as 2.5.x configfiles are not back-compatible with
64e0e67e 2294 2.3.x.
2295 - (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller
2296 <markm@swoon.net>
68fa858a 2297 - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice
a29d3f1c 2298 <tim@multitalents.net>
68fa858a 2299 - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice
a29d3f1c 2300 <tim@multitalents.net>
51fb577a 2301
4925395f 230220010226
2303 - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
68fa858a 2304 - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
e9a13ac1 2305 Based on patch from Tim Rice <tim@multitalents.net>
4925395f 2306
1eb4ec64 230720010225
2308 - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
2309 Patch from Adrian Ho <lexfiend@usa.net>
490cad94 2310 - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every
2311 platform defines u_int64_t as being that.
1eb4ec64 2312
a738c3b0 231320010224
68fa858a 2314 - (bal) Missed part of the UNIX sockets patch. Patch by Corinna
a738c3b0 2315 Vinschen <vinschen@redhat.com>
2316 - (bal) Reorder where 'strftime' is detected to resolve linking
2317 issues on SCO. Patch by Tim Rice <tim@multitalents.net>
2318
8fd97cc4 231920010224
2320 - (bal) pam_stack fix to correctly detect between RH7 and older RHs.
2321 Patch by Pekka Savola <pekkas@netcore.fi>
8f0b3553 2322 - (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with
2323 some platforms.
3d114925 2324 - (bal) Generalize lack of UNIX sockets since this also effects Cray
2325 not just Cygwin. Based on patch by Wendy Palm <wendyp@cray.com>
8fd97cc4 2326
14a49e44 232720010223
2328 - (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell
2329 <tell@telltronics.org>
cb291102 2330 - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL
2331 that it was compiled against. Patch by Pekka Savola <pekkas@netcore.fi>
68fa858a 2332 - (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice
5a67331c 2333 <tim@multitalents.net>
14a49e44 2334
68fa858a 233520010222
73d6d7fa 2336 - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com>
ca742b3b 2337 - (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net>
2338 - (bal) Removed reference to liblogin from contrib/README. It was
2339 integrated into OpenSSH a long while ago.
2a81eb9f 2340 - (stevesk) remove erroneous #ifdef sgi code.
2341 Michael Stone <mstone@cs.loyola.edu>
73d6d7fa 2342
fbf305f1 234320010221
2344 - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
68fa858a 2345 - (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice
9dd3bc84 2346 <tim@multitalents.net>
1fe61b2e 2347 - (bal) Reverted out of 2001/02/15 patch by djm below because it
2348 breaks Solaris.
2349 - (djm) Move PAM session setup back to before setuid to user.
2350 fixes problems on Solaris-drived PAMs.
266140a8 2351 - (stevesk) session.c: back out to where we were before:
68fa858a 2352 - (djm) Move PAM session initialisation until after fork in sshd. Patch
266140a8 2353 from Nalin Dahyabhai <nalin@redhat.com>
9dd3bc84 2354
8b3319f4 235520010220
2356 - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and
2357 getcwd.c.
c2b544a5 2358 - (bal) OpenBSD CVS Sync:
2359 - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
2360 [sshd.c]
2361 clarify message to make it not mention "ident"
8b3319f4 2362
1729c161 236320010219
2364 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
2365 pty.[ch] -> sshpty.[ch]
d6f13fbb 2366 - (djm) Rework search for OpenSSL location. Skip directories which don't
2367 exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO
2368 with its limit of 6 -L options.
0476625f 2369 - OpenBSD CVS Sync:
2370 - reinhard@cvs.openbsd.org 2001/02/17 08:24:40
2371 [sftp.1]
2372 typo
2373 - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
2374 [ssh.c]
2375 cleanup -V output; noted by millert
2376 - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
2377 [sshd.8]
2378 it's the OpenSSH one
2379 - markus@cvs.openbsd.org 2001/02/18 11:33:54
2380 [dispatch.c]
2381 typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
2382 - markus@cvs.openbsd.org 2001/02/19 02:53:32
2383 [compat.c compat.h serverloop.c]
2384 ssh-1.2.{18-22} has broken handling of ignore messages; report from
2385 itojun@
2386 - markus@cvs.openbsd.org 2001/02/19 03:35:23
2387 [version.h]
2388 OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
2389 - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
2390 [scp.c]
2391 np is changed by recursion; vinschen@redhat.com
2392 - Update versions in RPM spec files
2393 - Release 2.5.1p1
1729c161 2394
663fd560 239520010218
68fa858a 2396 - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice
2397 <tim@multitalents.net>
25cd3375 2398 - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
2399 stevesk
68fa858a 2400 - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen
58e7f038 2401 <vinschen@redhat.com> and myself.
32ced054 2402 - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
2403 Miskiewicz <misiek@pld.ORG.PL>
6a951840 2404 - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
2405 Todd C. Miller <Todd.Miller@courtesan.com>
68fa858a 2406 - (djm) Use ttyname() to determine name of tty returned by openpty()
2407 rather then risking overflow. Patch from Marek Michalkiewicz
b82f1310 2408 <marekm@amelek.gda.pl>
68fa858a 2409 - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in.
bdf80b2c 2410 Patch from Marek Michalkiewicz <marekm@amelek.gda.pl>
af8fda37 2411 - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi>
68fa858a 2412 - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for
df538d55 2413 SunOS)
68fa858a 2414 - (djm) SCO needs librpc for libwrap. Patch from Tim Rice
f61d6b17 2415 <tim@multitalents.net>
dfef7e7e 2416 - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
36a358ca 2417 - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
68fa858a 2418 - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for
d54d99a3 2419 SIGALRM.
e1a023df 2420 - (djm) Move entropy.c over to mysignal()
68fa858a 2421 - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has
2422 a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C.
667beaa9 2423 Miller <Todd.Miller@courtesan.com>
ecdde3d8 2424 - (djm) Update RPM spec files for 2.5.0p1
51ee9048 2425 - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
2426 enable with --with-bsd-auth.
2adddc78 2427 - (stevesk) entropy.c: typo; should be SIGPIPE
663fd560 2428
0b1728c5 242920010217
2430 - (bal) OpenBSD Sync:
2431 - markus@cvs.openbsd.org 2001/02/16 13:38:18
68fa858a 2432 [channel.c]
2433 remove debug
c8b058b4 2434 - markus@cvs.openbsd.org 2001/02/16 14:03:43
2435 [session.c]
2436 proper payload-length check for x11 w/o screen-number
0b1728c5 2437
b41d8d4d 243820010216
2439 - (bal) added '--with-prce' to allow overriding of system regex when
2440 required (tested by David Dulek <ddulek@fastenal.com>)
d6fdb079 2441 - (bal) Added DG/UX case and set that they have a broken IPTOS.
278588d8 2442 - (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net>
2443 Fixes linking on SCO.
68fa858a 2444 - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from
0ceb21d6 2445 Nalin Dahyabhai <nalin@redhat.com>
2446 - (djm) BSD license for gnome-ssh-askpass (was X11)
2447 - (djm) KNF on gnome-ssh-askpass
ed6553e2 2448 - (djm) USE_PIPES for a few more sysv platforms
2449 - (djm) Cleanup configure.in a little
2450 - (djm) Ask users to check config.log when we can't find necessary libs
aca75d94 2451 - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
2452 OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
0ae4fe1d 2453 - (djm) OpenBSD CVS:
2454 - markus@cvs.openbsd.org 2001/02/15 16:19:59
2455 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
2456 [sshconnect1.c sshconnect2.c]
2457 genericize password padding function for SSH1 and SSH2.
2458 add stylized echo to 2, too.
2459 - (djm) Add roundup() macro to defines.h
9535dddf 2460 - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
2461 needed on Unixware 2.x.
b41d8d4d 2462
0086bfaf 246320010215
68fa858a 2464 - (djm) Move PAM session setup back to before setuid to user. Fixes
0086bfaf 2465 problems on Solaris-derived PAMs.
e11aab29 2466 - (djm) Clean up PAM namespace. Suggested by Darren Moffat
2467 <Darren.Moffat@eng.sun.com>
9e3c31f7 2468 - (bal) Sync w/ OpenSSH for new release
2469 - markus@cvs.openbsd.org 2001/02/12 12:45:06
2470 [sshconnect1.c]
2471 fix xmalloc(0), ok dugsong@
b2552997 2472 - markus@cvs.openbsd.org 2001/02/11 12:59:25
2473 [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
2474 sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
2475 1) clean up the MAC support for SSH-2
2476 2) allow you to specify the MAC with 'ssh -m'
2477 3) or the 'MACs' keyword in ssh(d)_config
2478 4) add hmac-{md5,sha1}-96
2479 ok stevesk@, provos@
15853e93 2480 - markus@cvs.openbsd.org 2001/02/12 16:16:23
2481 [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
2482 ssh-keygen.c sshd.8]
2483 PermitRootLogin={yes,without-password,forced-commands-only,no}
2484 (before this change, root could login even if PermitRootLogin==no)
7cc4cf0a 2485 - deraadt@cvs.openbsd.org 2001/02/12 22:56:09
fd193ca4 2486 [clientloop.c packet.c ssh-keyscan.c]
2487 deal with EAGAIN/EINTR selects which were skipped
7cc4cf0a 2488 - markus@cvs.openssh.org 2001/02/13 22:49:40
2489 [auth1.c auth2.c]
2490 setproctitle(user) only if getpwnam succeeds
2491 - markus@cvs.openbsd.org 2001/02/12 23:26:20
2492 [sshd.c]
2493 missing memset; from solar@openwall.com
2494 - stevesk@cvs.openbsd.org 2001/02/12 20:53:33
2495 [sftp-int.c]
2496 lumask now works with 1 numeric arg; ok markus@, djm@
2497 - djm@cvs.openbsd.org 2001/02/14 9:46:03
2498 [sftp-client.c sftp-int.c sftp.1]
2499 Fix and document 'preserve modes & times' option ('-p' flag in sftp);
2500 ok markus@
0b16bb01 2501 - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
2502 - (djm) Move to Jim's 1.2.0 X11 askpass program
62da27dd 2503 - (stevesk) OpenBSD sync:
2504 - deraadt@cvs.openbsd.org 2001/02/15 01:38:04
2505 [serverloop.c]
2506 indent
0b16bb01 2507
1c2d0a13 250820010214
2509 - (djm) Don't try to close PAM session or delete credentials if the
68fa858a 2510 session has not been open or credentials not set. Based on patch from
1c2d0a13 2511 Andrew Bartlett <abartlet@pcug.org.au>
68fa858a 2512 - (djm) Move PAM session initialisation until after fork in sshd. Patch
0ab1bcba 2513 from Nalin Dahyabhai <nalin@redhat.com>
958e5ae4 2514 - (bal) Missing function prototype in bsd-snprintf.c patch by
2515 Mark Miller <markm@swoon.net>
b7ccb051 2516 - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
2517 <cmadams@hiwaay.net> with a little modification and KNF.
815800e1 2518 - (stevesk) fix for SIA patch, misplaced session_setup_sia()
1c2d0a13 2519
0610439b 252020010213
84eb157c 2521 - (djm) Only test -S potential EGD sockets if they exist and are readable.
f1312c76 2522 - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and
2523 I did a base KNF over the whe whole file to make it more acceptable.
2524 (backed out of original patch and removed it from ChangeLog)
01f13020 2525 - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by
2526 Tim Rice <tim@multitalents.net>
8d60e965 2527 - (stevesk) auth1.c: fix PAM passwordless check.
0610439b 2528
894a4851 252920010212
68fa858a 2530 - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1",
2531 --define "skip_gnome_askpass 1", --define "rh7 1" and make the
2532 implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from
894a4851 2533 Pekka Savola <pekkas@netcore.fi>
782d6a0d 2534 - (djm) Clean up PCRE text in INSTALL
68fa858a 2535 - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby
77db6c3f 2536 <mib@unimelb.edu.au>
6f68f28a 2537 - (bal) NCR SVR4 compatiblity provide by Don Bragg <thewizarddon@yahoo.com>
01a7bc9a 2538 - (stevesk) session.c: remove debugging code.
894a4851 2539
abf1f107 254020010211
2541 - (bal) OpenBSD Sync
2542 - markus@cvs.openbsd.org 2001/02/07 22:35:46
2543 [auth1.c auth2.c sshd.c]
2544 move k_setpag() to a central place; ok dugsong@
c845316f 2545 - markus@cvs.openbsd.org 2001/02/10 12:52:02
2546 [auth2.c]
2547 offer passwd before s/key
e6fa162e 2548 - markus@cvs.openbsd.org 2001/02/8 22:37:10
2549 [canohost.c]
2550 remove last call to sprintf; ok deraadt@
0ab4b0f0 2551 - markus@cvs.openbsd.org 2001/02/10 1:33:32
2552 [canohost.c]
2553 add debug message, since sshd blocks here if DNS is not available
7f8ea238 2554 - markus@cvs.openbsd.org 2001/02/10 12:44:02
2555 [cli.c]
2556 don't call vis() for \r
5c470997 2557 - danh@cvs.openbsd.org 2001/02/10 0:12:43
2558 [scp.c]
2559 revert a small change to allow -r option to work again; ok deraadt@
2560 - danh@cvs.openbsd.org 2001/02/10 15:14:11
2561 [scp.c]
2562 fix memory leak; ok markus@
a0e6fead 2563 - djm@cvs.openbsd.org 2001/02/10 0:45:52
2564 [scp.1]
2565 Mention that you can quote pathnames with spaces in them
b3106440 2566 - markus@cvs.openbsd.org 2001/02/10 1:46:28
2567 [ssh.c]
2568 remove mapping of argv[0] -> hostname
f72e01a5 2569 - markus@cvs.openbsd.org 2001/02/06 22:26:17
2570 [sshconnect2.c]
2571 do not ask for passphrase in batch mode; report from ejb@ql.org
2572 - itojun@cvs.opebsd.org 2001/02/08 10:47:05
5d1d11d1 2573 [sshconnect.c sshconnect1.c sshconnect2.c]
68fa858a 2574 %.30s is too short for IPv6 numeric address. use %.128s for now.
f72e01a5 2575 markus ok
2576 - markus@cvs.openbsd.org 2001/02/09 12:28:35
2577 [sshconnect2.c]
2578 do not free twice, thanks to /etc/malloc.conf
2579 - markus@cvs.openbsd.org 2001/02/09 17:10:53
2580 [sshconnect2.c]
2581 partial success: debug->log; "Permission denied" if no more auth methods
2582 - markus@cvs.openbsd.org 2001/02/10 12:09:21
2583 [sshconnect2.c]
2584 remove some lines
e0b2cf6b 2585 - markus@cvs.openbsd.org 2001/02/09 13:38:07
2586 [auth-options.c]
2587 reset options if no option is given; from han.holl@prismant.nl
ca910e13 2588 - markus@cvs.openbsd.org 2001/02/08 21:58:28
2589 [channels.c]
2590 nuke sprintf, ok deraadt@
2591 - markus@cvs.openbsd.org 2001/02/08 21:58:28
2592 [channels.c]
2593 nuke sprintf, ok deraadt@
affa8be4 2594 - markus@cvs.openbsd.org 2001/02/06 22:43:02
2595 [clientloop.h]
2596 remove confusing callback code
d2c46e77 2597 - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
2598 [readconf.c]
2599 snprintf
cc8aca8a 2600 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
2601 sync with netbsd tree changes.
2602 - more strict prototypes, include necessary headers
2603 - use paths.h/pathnames.h decls
2604 - size_t typecase to int -> u_long
5be2ec5e 2605 - itojun@cvs.openbsd.org 2001/02/07 18:04:50
2606 [ssh-keyscan.c]
2607 fix size_t -> int cast (use u_long). markus ok
2608 - markus@cvs.openbsd.org 2001/02/07 22:43:16
2609 [ssh-keyscan.c]
2610 s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
2611 - itojun@cvs.openbsd.org 2001/02/09 9:04:59
2612 [ssh-keyscan.c]
68fa858a 2613 do not assume malloc() returns zero-filled region. found by
5be2ec5e 2614 malloc.conf=AJ.
f21032a6 2615 - markus@cvs.openbsd.org 2001/02/08 22:35:30
2616 [sshconnect.c]
68fa858a 2617 don't connect if batch_mode is true and stricthostkeychecking set to
f21032a6 2618 'ask'
7bbcc167 2619 - djm@cvs.openbsd.org 2001/02/04 21:26:07
2620 [sshd_config]
2621 type: ok markus@
2622 - deraadt@cvs.openbsd.org 2001/02/06 22:07:50
2623 [sshd_config]
2624 enable sftp-server by default
a2e6d17d 2625 - deraadt 2001/02/07 8:57:26
2626 [xmalloc.c]
2627 deal with new ANSI malloc stuff
2628 - markus@cvs.openbsd.org 2001/02/07 16:46:08
2629 [xmalloc.c]
2630 typo in fatal()
2631 - itojun@cvs.openbsd.org 2001/02/07 18:04:50
2632 [xmalloc.c]
2633 fix size_t -> int cast (use u_long). markus ok
4ef922e3 2634 - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong
2635 [serverloop.c sshconnect1.c]
68fa858a 2636 mitigate SSH1 traffic analysis - from Solar Designer
4ef922e3 2637 <solar@openwall.com>, ok provos@
68fa858a 2638 - (bal) fixed sftp-client.c. Return 'status' instead of '0'
ca910e13 2639 (from the OpenBSD tree)
6b442913 2640 - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
27df9d4a 2641 - (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync)
17321afe 2642 - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
f98d56f0 2643 - (bal) A bit more whitespace cleanup
68fa858a 2644 - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
e275684f 2645 <abartlet@pcug.org.au>
b27e97b1 2646 - (stevesk) misc.c: ssh.h not needed.
38a316c0 2647 - (stevesk) compat.c: more friendly cpp error
94f38e16 2648 - (stevesk) OpenBSD sync:
2649 - stevesk@cvs.openbsd.org 2001/02/11 06:15:57
2650 [LICENSE]
2651 typos and small cleanup; ok deraadt@
abf1f107 2652
0426a3b4 265320010210
2654 - (djm) Sync sftp and scp stuff from OpenBSD:
2655 - djm@cvs.openbsd.org 2001/02/07 03:55:13
2656 [sftp-client.c]
2657 Don't free handles before we are done with them. Based on work from
2658 Corinna Vinschen <vinschen@redhat.com>. ok markus@
2659 - djm@cvs.openbsd.org 2001/02/06 22:32:53
2660 [sftp.1]
2661 Punctuation fix from Pekka Savola <pekkas@netcore.fi>
2662 - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
2663 [sftp.1]
2664 pretty up significantly
2665 - itojun@cvs.openbsd.org 2001/02/07 06:49:42
2666 [sftp.1]
2667 .Bl-.El mismatch. markus ok
2668 - djm@cvs.openbsd.org 2001/02/07 06:12:30
2669 [sftp-int.c]
2670 Check that target is a directory before doing ls; ok markus@
2671 - itojun@cvs.openbsd.org 2001/02/07 11:01:18
2672 [scp.c sftp-client.c sftp-server.c]
2673 unsigned long long -> %llu, not %qu. markus ok
2674 - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
2675 [sftp.1 sftp-int.c]
2676 more man page cleanup and sync of help text with man page; ok markus@
2677 - markus@cvs.openbsd.org 2001/02/07 14:58:34
2678 [sftp-client.c]
2679 older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
2680 - djm@cvs.openbsd.org 2001/02/07 15:27:19
2681 [sftp.c]
2682 Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov
2683 <roumen.petrov@skalasoft.com>
2684 - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
2685 [sftp-int.c]
2686 portable; ok markus@
2687 - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
2688 [sftp-int.c]
2689 lowercase cmds[].c also; ok markus@
2690 - markus@cvs.openbsd.org 2001/02/07 17:04:52
2691 [pathnames.h sftp.c]
2692 allow sftp over ssh protocol 1; ok djm@
2693 - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
2694 [scp.c]
2695 memory leak fix, and snprintf throughout
2696 - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
2697 [sftp-int.c]
2698 plug a memory leak
2699 - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
2700 [session.c sftp-client.c]
2701 %i -> %d
2702 - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
2703 [sftp-int.c]
2704 typo
2705 - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
2706 [sftp-int.c pathnames.h]
2707 _PATH_LS; ok markus@
2708 - djm@cvs.openbsd.org 2001/02/09 04:46:25
2709 [sftp-int.c]
2710 Check for NULL attribs for chown, chmod & chgrp operations, only send
2711 relevant attribs back to server; ok markus@
96b64eb0 2712 - djm@cvs.openbsd.org 2001/02/06 15:05:25
2713 [sftp.c]
2714 Use getopt to process commandline arguments
2715 - djm@cvs.openbsd.org 2001/02/06 15:06:21
2716 [sftp.c ]
2717 Wait for ssh subprocess at exit
2718 - djm@cvs.openbsd.org 2001/02/06 15:18:16
2719 [sftp-int.c]
2720 stat target for remote chdir before doing chdir
2721 - djm@cvs.openbsd.org 2001/02/06 15:32:54
2722 [sftp.1]
2723 Punctuation fix from Pekka Savola <pekkas@netcore.fi>
2724 - provos@cvs.openbsd.org 2001/02/05 22:22:02
2725 [sftp-int.c]
2726 cleanup get_pathname, fix pwd after failed cd. okay djm@
0426a3b4 2727 - (djm) Update makefile.in for _PATH_SFTP_SERVER
c9f5e42e 2728 - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)
0426a3b4 2729
6d1e1d2b 273020010209
68fa858a 2731 - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney
6d1e1d2b 2732 <rjmooney@mediaone.net>
bb0c1991 2733 - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the
68fa858a 2734 main tree while porting forward. Pointed out by Lutz Jaenicke
bb0c1991 2735 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
f902d909 2736 - (bal) double entry in configure.in. Pointed out by Lutz Jaenicke
2737 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
25f4c264 2738 - (stevesk) OpenBSD sync:
2739 - markus@cvs.openbsd.org 2001/02/08 11:20:01
2740 [auth2.c]
2741 strict checking
2742 - markus@cvs.openbsd.org 2001/02/08 11:15:22
2743 [version.h]
2744 update to 2.3.2
2745 - markus@cvs.openbsd.org 2001/02/08 11:12:30
2746 [auth2.c]
2747 fix typo
72b3f75d 2748 - (djm) Update spec files
0ed28836 2749 - (bal) OpenBSD sync:
2750 - deraadt@cvs.openbsd.org 2001/02/08 14:38:54
2751 [scp.c]
2752 memory leak fix, and snprintf throughout
1fc8ccdf 2753 - markus@cvs.openbsd.org 2001/02/06 22:43:02
2754 [clientloop.c]
2755 remove confusing callback code
0b202697 2756 - (djm) Add CVS Id's to files that we have missed
5ca51e19 2757 - (bal) OpenBSD Sync (more):
2758 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
2759 sync with netbsd tree changes.
2760 - more strict prototypes, include necessary headers
2761 - use paths.h/pathnames.h decls
2762 - size_t typecase to int -> u_long
1f3bf5aa 2763 - markus@cvs.openbsd.org 2001/02/06 22:07:42
2764 [ssh.c]
2765 fatal() if subsystem fails
2766 - markus@cvs.openbsd.org 2001/02/06 22:43:02
2767 [ssh.c]
2768 remove confusing callback code
2769 - jakob@cvs.openbsd.org 2001/02/06 23:03:24
2770 [ssh.c]
2771 add -1 option (force protocol version 1). ok markus@
2772 - jakob@cvs.openbsd.org 2001/02/06 23:06:21
2773 [ssh.c]
2774 reorder -{1,2,4,6} options. ok markus@
e6aa01b4 2775 - (bal) Missing 'const' in readpass.h
9c5a8165 2776 - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
2777 - djm@cvs.openbsd.org 2001/02/06 23:30:28
2778 [sftp-client.c]
2779 replace arc4random with counter for request ids; ok markus@
68fa858a 2780 - (djm) Define _PATH_TTY for systems that don't. Report from Lutz
bc79ed5c 2781 Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
6d1e1d2b 2782
6a25c04c 278320010208
2784 - (djm) Don't delete external askpass program in make uninstall target.
2785 Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com>
6958bd37 2786 - (djm) Fix linking of sftp, don't need arc4random any more.
2787 - (djm) Try to use shell that supports "test -S" for EGD socket search.
2788 Based on patch from Tim Rice <tim@multitalents.net>
6a25c04c 2789
547519f0 279020010207
bee0a37e 2791 - (bal) Save the whole path to AR in configure. Some Solaris 2.7 installs
2792 seem lose track of it while in openbsd-compat/ (two confirmed reports)
5c377b3b 2793 - (djm) Much KNF on PAM code
547519f0 2794 - (djm) Revise auth-pam.c conversation function to be a little more
2795 readable.
5c377b3b 2796 - (djm) Revise kbd-int PAM conversation function to fold all text messages
2797 to before first prompt. Fixes hangs if last pam_message did not require
2798 a reply.
2799 - (djm) Fix password changing when using PAM kbd-int authentication
bee0a37e 2800
547519f0 280120010205
2b87da3b 2802 - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
99286dc8 2803 that don't have NGROUPS_MAX.
57559587 2804 - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
2b87da3b 2805 - (stevesk) OpenBSD sync:
2806 - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
2807 [many files; did this manually to our top-level source dir]
2808 unexpand and remove end-of-line whitespace; ok markus@
408ba72f 2809 - stevesk@cvs.openbsd.org 2001/02/04 15:21:19
2810 [sftp-server.c]
2811 SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
ec2a033a 2812 - deraadt@cvs.openbsd.org 2001/02/04 17:02:32
2813 [sftp-int.c]
2814 ? == help
2815 - deraadt@cvs.openbsd.org 2001/02/04 16:47:46
2816 [sftp-int.c]
2817 sort commands, so that abbreviations work as expected
2818 - stevesk@cvs.openbsd.org 2001/02/04 15:17:52
2819 [sftp-int.c]
2820 debugging sftp: precedence and missing break. chmod, chown, chgrp
2821 seem to be working now.
2822 - markus@cvs.openbsd.org 2001/02/04 14:41:21
2823 [sftp-int.c]
2824 use base 8 for umask/chmod
2825 - markus@cvs.openbsd.org 2001/02/04 11:11:54
2826 [sftp-int.c]
2827 fix LCD
c44559d2 2828 - markus@cvs.openbsd.org 2001/02/04 08:10:44
2829 [ssh.1]
2830 typo; dpo@club-internet.fr
a5930351 2831 - stevesk@cvs.openbsd.org 2001/02/04 06:30:12
2832 [auth2.c authfd.c packet.c]
2833 remove duplicate #include's; ok markus@
6a416424 2834 - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
2835 [scp.c sshd.c]
2836 alpha happiness
2837 - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
2838 [sshd.c]
2839 precedence; ok markus@
02a024dd 2840 - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
6a416424 2841 [ssh.c sshd.c]
2842 make the alpha happy
02a024dd 2843 - markus@cvs.openbsd.org 2001/01/31 13:37:24
2844 [channels.c channels.h serverloop.c ssh.c]
68fa858a 2845 do not disconnect if local port forwarding fails, e.g. if port is
547519f0 2846 already in use
02a024dd 2847 - markus@cvs.openbsd.org 2001/02/01 14:58:09
2848 [channels.c]
2849 use ipaddr in channel messages, ietf-secsh wants this
2850 - markus@cvs.openbsd.org 2001/01/31 12:26:20
2851 [channels.c]
68fa858a 2852 ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE
547519f0 2853 messages; bug report from edmundo@rano.org
a741554f 2854 - markus@cvs.openbsd.org 2001/01/31 13:48:09
2855 [sshconnect2.c]
2856 unused
9378f292 2857 - deraadt@cvs.openbsd.org 2001/02/04 08:23:08
2858 [sftp-client.c sftp-server.c]
2859 make gcc on the alpha even happier
1fc243d1 2860
547519f0 286120010204
781a0585 2862 - (bal) I think this is the last of the bsd-*.h that don't belong.
634e0b53 2863 - (bal) Minor Makefile fix
f0f14bea 2864 - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done
61e96248 2865 right.
78987b57 2866 - (bal) Changed order of LIB="" in -with-skey due to library resolving.
166e4f2a 2867 - (bal) next-posix.h changed to bsd-nextstep.h
61e96248 2868 - (djm) OpenBSD CVS sync:
2869 - markus@cvs.openbsd.org 2001/02/03 03:08:38
2870 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
2871 [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
2872 [sshd_config]
2873 make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
2874 - markus@cvs.openbsd.org 2001/02/03 03:19:51
2875 [ssh.1 sshd.8 sshd_config]
2876 Skey is now called ChallengeResponse
2877 - markus@cvs.openbsd.org 2001/02/03 03:43:09
2878 [sshd.8]
2879 use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
2880 channel. note from Erik.Anggard@cygate.se (pr/1659)
2881 - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
2882 [ssh.1]
2883 typos; ok markus@
2884 - djm@cvs.openbsd.org 2001/02/04 04:11:56
2885 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
2886 [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
2887 Basic interactive sftp client; ok theo@
2888 - (djm) Update RPM specs for new sftp binary
68fa858a 2889 - (djm) Update several bits for new optional reverse lookup stuff. I
61e96248 2890 think I got them all.
8b061486 2891 - (djm) Makefile.in fixes
1aa00dcb 2892 - (stevesk) add mysignal() wrapper and use it for the protocol 2
2893 SIGCHLD handler.
408ba72f 2894 - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@
781a0585 2895
547519f0 289620010203
63fe0529 2897 - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com>
bf3db92d 2898 - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD
2899 based file) to ensure #include space does not get confused.
f78888c7 2900 - (bal) Minor Makefile.in tweak. dirname may not exist on some
2901 platforms so builds fail. (NeXT being a well known one)
63fe0529 2902
547519f0 290320010202
61e96248 2904 - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen
c85a87f2 2905 <vinschen@redhat.com>
71301416 2906 - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms
2907 that use 'gmake'. Patch by Tim Rice <tim@multitalents.net>
c85a87f2 2908
547519f0 290920010201
ad5075bd 2910 - (bal) Minor fix to Makefile to stop rebuilding executables if no
2911 changes have occured to any of the supporting code. Patch by
2912 Roumen Petrov <roumen.petrov@skalasoft.com>
2913
9c8dbb1b 291420010131
37845585 2915 - (djm) OpenBSD CVS Sync:
2916 - djm@cvs.openbsd.org 2001/01/30 15:48:53
2917 [sshconnect.c]
2918 Make warning message a little more consistent. ok markus@
8c89dd2b 2919 - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
2920 Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com>
2921 respectively.
c59dc6bd 2922 - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
2923 passwords.
9c8dbb1b 2924 - (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to
2925 openbsd-compat/. And resolve all ./configure and Makefile.in issues
2926 assocated.
37845585 2927
9c8dbb1b 292820010130
39929cdb 2929 - (djm) OpenBSD CVS Sync:
2930 - markus@cvs.openbsd.org 2001/01/29 09:55:37
2931 [channels.c channels.h clientloop.c serverloop.c]
2932 fix select overflow; ok deraadt@ and stevesk@
865ac82e 2933 - markus@cvs.openbsd.org 2001/01/29 12:42:35
2934 [canohost.c canohost.h channels.c clientloop.c]
2935 add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
46aa2d1f 2936 - markus@cvs.openbsd.org 2001/01/29 12:47:32
2937 [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
2938 handle rsa_private_decrypt failures; helps against the Bleichenbacher
2939 pkcs#1 attack
ae810de7 2940 - djm@cvs.openbsd.org 2001/01/29 05:36:11
2941 [ssh.1 ssh.c]
2942 Allow invocation of sybsystem by commandline (-s); ok markus@
83bc57f9 2943 - (stevesk) configure.in: remove duplicate PROG_LS
39929cdb 2944
9c8dbb1b 294520010129
f29ef605 2946 - (stevesk) sftp-server.c: use %lld vs. %qd
2947
cb9da0fc 294820010128
2949 - (bal) Put USE_PIPES back into sco3.2v5
23c2a7a5 2950 - (bal) OpenBSD Sync
9bd5b720 2951 - markus@cvs.openbsd.org 2001/01/28 10:15:34
2952 [dispatch.c]
2953 re-keying is not supported; ok deraadt@
5fb622e4 2954 - markus@cvs.openbsd.org 2001/01/28 10:24:04
7f5c4295 2955 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
5fb622e4 2956 cleanup AUTHORS sections
9bd5b720 2957 - markus@cvs.openbsd.org 2001/01/28 10:37:26
ab60252b 2958 [sshd.c sshd.8]
9bd5b720 2959 remove -Q, no longer needed
2960 - stevesk@cvs.openbsd.org 2001/01/28 20:36:16
a877488a 2961 [readconf.c ssh.1]
9bd5b720 2962 ``StrictHostKeyChecking ask'' documentation and small cleanup.
2963 ok markus@
6f37606e 2964 - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
61e96248 2965 [sshd.8]
6f37606e 2966 spelling. ok markus@
95f4ccfb 2967 - stevesk@cvs.openbsd.org 2001/01/28 20:53:21
2968 [xmalloc.c]
2969 use size_t for strlen() return. ok markus@
6f37606e 2970 - stevesk@cvs.openbsd.org 2001/01/28 22:27:05
2971 [authfile.c]
2972 spelling. use sizeof vs. strlen(). ok markus@
9bd5b720 2973 - niklas@cvs.openbsd.org 2001/01/29 1:59:14
23c2a7a5 2974 [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
2975 groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
2976 key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
2977 radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
2978 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
2979 sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
2980 $OpenBSD$
b0e305c9 2981 - (bal) Minor auth2.c resync. Whitespace and moving of an #include.
cb9da0fc 2982
c9606e03 298320010126
61e96248 2984 - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
c9606e03 2985 Petrov <roumen.petrov@skalasoft.com>
2f4b2e38 2986 - (bal) OpenBSD Sync
2987 - deraadt@cvs.openbsd.org 2001/01/25 8:06:33
2988 [ssh-agent.c]
2989 call _exit() in signal handler
c9606e03 2990
d7d5f0b2 299120010125
2992 - (djm) Sync bsd-* support files:
2993 - deraadt@cvs.openbsd.org 2000/01/26 03:43:20
2994 [rresvport.c bindresvport.c]
61e96248 2995 new bindresvport() semantics that itojun, shin, jean-luc and i have
d7d5f0b2 2996 agreed on, which will be happy for the future. bindresvport_sa() for
2997 sockaddr *, too. docs later..
2998 - deraadt@cvs.openbsd.org 2000/01/24 02:24:21
2999 [bindresvport.c]
61e96248 3000 in bindresvport(), if sin is non-NULL, example sin->sin_family for
d7d5f0b2 3001 the actual family being processed
e1dd3a7a 3002 - (djm) Mention PRNGd in documentation, it is nicer than EGD
3003 - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
8080699b 3004 - (bal) AC_FUNC_STRFTIME added to autoconf
4ccb01d6 3005 - (bal) OpenBSD Resync
3006 - stevesk@cvs.openbsd.org 2001/01/24 21:03:50
3007 [channels.c]
3008 missing freeaddrinfo(); ok markus@
d7d5f0b2 3009
556eb464 301020010124
3011 - (bal) OpenBSD Resync
3012 - markus@cvs.openbsd.org 2001/01/23 10:45:10
3013 [ssh.h]
61e96248 3014 nuke comment
1aecda34 3015 - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net>
3016 - (bal) #ifdef around S_IFSOCK if platform does not support it.
3017 patch by Tim Rice <tim@multitalents.net>
3018 - (bal) fake-regex.h cleanup based on Tim Rice's patch.
c33f0b36 3019 - (stevesk) sftp-server.c: fix chmod() mode mask
556eb464 3020
effa6591 302120010123
3022 - (bal) regexp.h typo in configure.in. Should have been regex.h
3023 - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
61e96248 3024 - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
53a24016 3025 - (bal) OpenBSD Resync
3026 - markus@cvs.openbsd.org 2001/01/22 8:15:00
3027 [auth-krb4.c sshconnect1.c]
3028 only AFS needs radix.[ch]
3029 - markus@cvs.openbsd.org 2001/01/22 8:32:53
3030 [auth2.c]
3031 no need to include; from mouring@etoh.eviladmin.org
3032 - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
3033 [key.c]
3034 free() -> xfree(); ok markus@
3035 - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
3036 [sshconnect2.c sshd.c]
3037 fix memory leaks in SSH2 key exchange; ok markus@
d464095c 3038 - markus@cvs.openbsd.org 2001/01/22 23:06:39
3039 [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
3040 sshconnect1.c sshconnect2.c sshd.c]
3041 rename skey -> challenge response.
3042 auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
53a24016 3043
effa6591 3044
42f11eb2 304520010122
3046 - (bal) OpenBSD Resync
3047 - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
3048 [servconf.c ssh.h sshd.c]
3049 only auth-chall.c needs #ifdef SKEY
3050 - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
3051 [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
3052 auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
3053 packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
3054 session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
3055 ssh1.h sshconnect1.c sshd.c ttymodes.c]
3056 move ssh1 definitions to ssh1.h, pathnames to pathnames.h
3057 - markus@cvs.openbsd.org 2001/01/19 16:48:14
3058 [sshd.8]
3059 fix typo; from stevesk@
3060 - markus@cvs.openbsd.org 2001/01/19 16:50:58
3061 [ssh-dss.c]
61e96248 3062 clear and free digest, make consistent with other code (use dlen); from
42f11eb2 3063 stevesk@
3064 - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
3065 [auth-options.c auth-options.h auth-rsa.c auth2.c]
3066 pass the filename to auth_parse_options()
61e96248 3067 - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
42f11eb2 3068 [readconf.c]
3069 fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
3070 - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
3071 [sshconnect2.c]
3072 dh_new_group() does not return NULL. ok markus@
3073 - markus@cvs.openbsd.org 2001/01/20 21:33:42
3074 [ssh-add.c]
61e96248 3075 do not loop forever if askpass does not exist; from
42f11eb2 3076 andrew@pimlott.ne.mediaone.net
3077 - djm@cvs.openbsd.org 2001/01/20 23:00:56
3078 [servconf.c]
3079 Check for NULL return from strdelim; ok markus
3080 - djm@cvs.openbsd.org 2001/01/20 23:02:07
3081 [readconf.c]
3082 KNF; ok markus
3083 - jakob@cvs.openbsd.org 2001/01/21 9:00:33
3084 [ssh-keygen.1]
3085 remove -R flag; ok markus@
3086 - markus@cvs.openbsd.org 2001/01/21 19:05:40
3087 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
3088 auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
3089 auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
3090 bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
3091 cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
3092 deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
3093 key.c key.h log-client.c log-server.c log.c log.h login.c login.h
3094 match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
3095 readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
3096 session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
61e96248 3097 ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
42f11eb2 3098 sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
3099 ttysmodes.c uidswap.c xmalloc.c]
61e96248 3100 split ssh.h and try to cleanup the #include mess. remove unnecessary
42f11eb2 3101 #includes. rename util.[ch] -> misc.[ch]
3102 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
61e96248 3103 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
42f11eb2 3104 conflict when compiling for non-kerb install
3105 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
3106 on 1/19.
3107
6005a40c 310820010120
3109 - (bal) OpenBSD Resync
3110 - markus@cvs.openbsd.org 2001/01/19 12:45:26
3111 [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
3112 only auth-chall.c needs #ifdef SKEY
47af6577 3113 - (bal) Slight auth2-pam.c clean up.
3114 - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
3115 but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
6005a40c 3116
922e6493 311720010119
3118 - (djm) Update versions in RPM specfiles
59c97189 3119 - (bal) OpenBSD Resync
3120 - markus@cvs.openbsd.org 2001/01/18 16:20:21
3121 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
3122 sshd.8 sshd.c]
61e96248 3123 log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
59c97189 3124 systems
3125 - markus@cvs.openbsd.org 2001/01/18 16:59:59
3126 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
3127 session.h sshconnect1.c]
3128 1) removes fake skey from sshd, since this will be much
3129 harder with /usr/libexec/auth/login_XXX
3130 2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
3131 3) make addition of BSD_AUTH and other challenge reponse methods
3132 easier.
3133 - markus@cvs.openbsd.org 2001/01/18 17:12:43
3134 [auth-chall.c auth2-chall.c]
3135 rename *-skey.c *-chall.c since the files are not skey specific
04fc7a67 3136 - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
3137 to fix NULL pointer deref and fake authloop breakage in PAM code.
f4ebf0e8 3138 - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
3c418020 3139 - (bal) Minor cygwin patch to auth1.c. Suggested by djm.
61e96248 3140
b5c334cc 314120010118
3142 - (bal) Super Sized OpenBSD Resync
3143 - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
3144 [sshd.c]
3145 maxfd+1
3146 - markus@cvs.openbsd.org 2001/01/13 17:59:18
3147 [ssh-keygen.1]
3148 small ssh-keygen manpage cleanup; stevesk@pobox.com
3149 - markus@cvs.openbsd.org 2001/01/13 18:03:07
3150 [scp.c ssh-keygen.c sshd.c]
3151 getopt() returns -1 not EOF; stevesk@pobox.com
3152 - markus@cvs.openbsd.org 2001/01/13 18:06:54
3153 [ssh-keyscan.c]
3154 use SSH_DEFAULT_PORT; from stevesk@pobox.com
3155 - markus@cvs.openbsd.org 2001/01/13 18:12:47
3156 [ssh-keyscan.c]
3157 free() -> xfree(); fix memory leak; from stevesk@pobox.com
3158 - markus@cvs.openbsd.org 2001/01/13 18:14:13
3159 [ssh-add.c]
3160 typo, from stevesk@sweden.hp.com
3161 - markus@cvs.openbsd.org 2001/01/13 18:32:50
61e96248 3162 [packet.c session.c ssh.c sshconnect.c sshd.c]
b5c334cc 3163 split out keepalive from packet_interactive (from dale@accentre.com)
3164 set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
3165 - markus@cvs.openbsd.org 2001/01/13 18:36:45
3166 [packet.c packet.h]
3167 reorder, typo
3168 - markus@cvs.openbsd.org 2001/01/13 18:38:00
3169 [auth-options.c]
3170 fix comment
3171 - markus@cvs.openbsd.org 2001/01/13 18:43:31
3172 [session.c]
3173 Wall
61e96248 3174 - markus@cvs.openbsd.org 2001/01/13 19:14:08
b5c334cc 3175 [clientloop.h clientloop.c ssh.c]
3176 move callback to headerfile
3177 - markus@cvs.openbsd.org 2001/01/15 21:40:10
3178 [ssh.c]
3179 use log() instead of stderr
3180 - markus@cvs.openbsd.org 2001/01/15 21:43:51
3181 [dh.c]
3182 use error() not stderr!
3183 - markus@cvs.openbsd.org 2001/01/15 21:45:29
3184 [sftp-server.c]
3185 rename must fail if newpath exists, debug off by default
3186 - markus@cvs.openbsd.org 2001/01/15 21:46:38
3187 [sftp-server.c]
3188 readable long listing for sftp-server, ok deraadt@
3189 - markus@cvs.openbsd.org 2001/01/16 19:20:06
3190 [key.c ssh-rsa.c]
61e96248 3191 make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
3192 galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
3193 since they are in the wrong format, too. they must be removed from
b5c334cc 3194 .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
61e96248 3195 (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
3196 .ssh/authorized_keys2) additionally, we now check that
b5c334cc 3197 BN_num_bits(rsa->n) >= 768.
3198 - markus@cvs.openbsd.org 2001/01/16 20:54:27
3199 [sftp-server.c]
3200 remove some statics. simpler handles; idea from nisse@lysator.liu.se
3201 - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
3202 [bufaux.c radix.c sshconnect.h sshconnect1.c]
3203 indent
3204 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
3205 be missing such feature.
3206
61e96248 3207
52ce34a2 320820010117
3209 - (djm) Only write random seed file at exit
717057b6 3210 - (djm) Make PAM support optional, enable with --with-pam
61e96248 3211 - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
717057b6 3212 provides a crypt() of its own)
3213 - (djm) Avoid a warning in bsd-bindresvport.c
3214 - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
61e96248 3215 can cause weird segfaults errors on Solaris
8694a1ce 3216 - (djm) Avoid warning in PAM code by making read_passphrase arguments const
d748039d 3217 - (djm) Add --with-pam to RPM spec files
52ce34a2 3218
2fd3c144 321920010115
3220 - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
89c7e31c 3221 - (bal) utimes() support via utime() interface on machine that lack utimes().
2fd3c144 3222
63b68889 322320010114
3224 - (stevesk) initial work for OpenBSD "support supplementary group in
3225 {Allow,Deny}Groups" patch:
3226 - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
3227 - add bsd-getgrouplist.h
3228 - new files groupaccess.[ch]
3229 - build but don't use yet (need to merge auth.c changes)
c6a69271 3230 - (stevesk) complete:
3231 - markus@cvs.openbsd.org 2001/01/13 11:56:48
3232 [auth.c sshd.8]
3233 support supplementary group in {Allow,Deny}Groups
3234 from stevesk@pobox.com
61e96248 3235
f546c780 323620010112
3237 - (bal) OpenBSD Sync
3238 - markus@cvs.openbsd.org 2001/01/10 22:56:22
3239 [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
3240 cleanup sftp-server implementation:
547519f0 3241 add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
3242 parse SSH2_FILEXFER_ATTR_EXTENDED
3243 send SSH2_FX_EOF if readdir returns no more entries
3244 reply to SSH2_FXP_EXTENDED message
3245 use #defines from the draft
3246 move #definations to sftp.h
f546c780 3247 more info:
61e96248 3248 http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
f546c780 3249 - markus@cvs.openbsd.org 2001/01/10 19:43:20
3250 [sshd.c]
3251 XXX - generate_empheral_server_key() is not safe against races,
61e96248 3252 because it calls log()
f546c780 3253 - markus@cvs.openbsd.org 2001/01/09 21:19:50
3254 [packet.c]
3255 allow TCP_NDELAY for ipv6; from netbsd via itojun@
3256
9548d6c8 325720010110
3258 - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
3259 Bladt Norbert <Norbert.Bladt@adi.ch>
3260
af972861 326120010109
3262 - (bal) Resync CVS ID of cli.c
4b80e97b 3263 - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
3264 code.
eea39c02 3265 - (bal) OpenBSD Sync
3266 - markus@cvs.openbsd.org 2001/01/08 22:29:05
3267 [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
3268 sshd_config version.h]
3269 implement option 'Banner /etc/issue.net' for ssh2, move version to
3270 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
3271 is enabled).
3272 - markus@cvs.openbsd.org 2001/01/08 22:03:23
3273 [channels.c ssh-keyscan.c]
3274 O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
3275 - markus@cvs.openbsd.org 2001/01/08 21:55:41
3276 [sshconnect1.c]
3277 more cleanups and fixes from stevesk@pobox.com:
3278 1) try_agent_authentication() for loop will overwrite key just
3279 allocated with key_new(); don't alloc
3280 2) call ssh_close_authentication_connection() before exit
3281 try_agent_authentication()
3282 3) free mem on bad passphrase in try_rsa_authentication()
3283 - markus@cvs.openbsd.org 2001/01/08 21:48:17
3284 [kex.c]
3285 missing free; thanks stevesk@pobox.com
f1c4659d 3286 - (bal) Detect if clock_t structure exists, if not define it.
3287 - (bal) Detect if O_NONBLOCK exists, if not define it.
3288 - (bal) removed news4-posix.h (now empty)
3289 - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
3290 instead of 'int'
adc83ebf 3291 - (stevesk) sshd_config: sync
4f771a33 3292 - (stevesk) defines.h: remove spurious ``;''
af972861 3293
bbcf899f 329420010108
3295 - (bal) Fixed another typo in cli.c
3296 - (bal) OpenBSD Sync
3297 - markus@cvs.openbsd.org 2001/01/07 21:26:55
3298 [cli.c]
3299 typo
3300 - markus@cvs.openbsd.org 2001/01/07 21:26:55
3301 [cli.c]
3302 missing free, stevesk@pobox.com
3303 - markus@cvs.openbsd.org 2001/01/07 19:06:25
3304 [auth1.c]
3305 missing free, stevesk@pobox.com
3306 - markus@cvs.openbsd.org 2001/01/07 11:28:04
3307 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
3308 ssh.h sshd.8 sshd.c]
3309 rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
3310 syslog priority changes:
3311 fatal() LOG_ERR -> LOG_CRIT
3312 log() LOG_INFO -> LOG_NOTICE
b8c37305 3313 - Updated TODO
bbcf899f 3314
9616313f 331520010107
3316 - (bal) OpenBSD Sync
3317 - markus@cvs.openbsd.org 2001/01/06 11:23:27
3318 [ssh-rsa.c]
3319 remove unused
3320 - itojun@cvs.openbsd.org 2001/01/05 08:23:29
3321 [ssh-keyscan.1]
3322 missing .El
3323 - markus@cvs.openbsd.org 2001/01/04 22:41:03
3324 [session.c sshconnect.c]
3325 consistent use of _PATH_BSHELL; from stevesk@pobox.com
3326 - djm@cvs.openbsd.org 2001/01/04 22:35:32
3327 [ssh.1 sshd.8]
3328 Mention AES as available SSH2 Cipher; ok markus
3329 - markus@cvs.openbsd.org 2001/01/04 22:25:58
3330 [sshd.c]
3331 sync usage()/man with defaults; from stevesk@pobox.com
3332 - markus@cvs.openbsd.org 2001/01/04 22:21:26
3333 [sshconnect2.c]
3334 handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
3335 that prints a banner (e.g. /etc/issue.net)
61e96248 3336
1877dc0c 333720010105
3338 - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
5a64a938 3339 - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
1877dc0c 3340
488c06c8 334120010104
3342 - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
3343 work by Chris Vaughan <vaughan99@yahoo.com>
3344
7c49df64 334520010103
3346 - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
3347 tree (mainly positioning)
3348 - (bal) OpenSSH CVS Update
3349 - markus@cvs.openbsd.org 2001/01/02 20:41:02
3350 [packet.c]
3351 log remote ip on disconnect; PR 1600 from jcs@rt.fm
3352 - markus@cvs.openbsd.org 2001/01/02 20:50:56
3353 [sshconnect.c]
61e96248 3354 strict_host_key_checking for host_status != HOST_CHANGED &&
7c49df64 3355 ip_status == HOST_CHANGED
61e96248 3356 - (bal) authfile.c: Synced CVS ID tag
2c523de9 3357 - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
3358 - (bal) Disable sftp-server if no 64bit int support exists. Based on
3359 patch by Tim Rice <tim@multitalents.net>
3360 - (bal) Makefile.in changes to uninstall: target to remove sftp-server
3361 and sftp-server.8 manpage.
7c49df64 3362
a421e945 336320010102
3364 - (bal) OpenBSD CVS Update
3365 - markus@cvs.openbsd.org 2001/01/01 14:52:49
3366 [scp.c]
3367 use shared fatal(); from stevesk@pobox.com
3368
0efc80a7 336920001231
3370 - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS.
3371 for multiple reasons.
b1335fdf 3372 - (bal) Reverted out of a partial NeXT patch.
0efc80a7 3373
efcae5b1 337420001230
3375 - (bal) OpenBSD CVS Update
3376 - markus@cvs.openbsd.org 2000/12/28 18:58:30
3377 [ssh-keygen.c]
3378 enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
b148018f 3379 - markus@cvs.openbsd.org 2000/12/29 22:19:13
3380 [channels.c]
3381 missing xfree; from vaughan99@yahoo.com
efcae5b1 3382 - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
03a14cc9 3383 - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination.
34665bf7 3384 Suggested by Christian Kurz <shorty@debian.org>
cb6dabf4 3385 - (bal) Add in '.c.o' section to Makefile.in to address make programs that
61e96248 3386 don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke
cb6dabf4 3387 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
0dd78cd8 3388
338920001229
61e96248 3390 - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
34665bf7 3391 Kurz <shorty@debian.org>
8abcdba4 3392 - (bal) OpenBSD CVS Update
3393 - markus@cvs.openbsd.org 2000/12/28 14:25:51
3394 [auth.h auth2.c]
3395 count authentication failures only
3396 - markus@cvs.openbsd.org 2000/12/28 14:25:03
3397 [sshconnect.c]
3398 fingerprint for MITM attacks, too.
3399 - markus@cvs.openbsd.org 2000/12/28 12:03:57
3400 [sshd.8 sshd.c]
3401 document -D
3402 - markus@cvs.openbsd.org 2000/12/27 14:19:21
3403 [serverloop.c]
3404 less chatty
3405 - markus@cvs.openbsd.org 2000/12/27 12:34
3406 [auth1.c sshconnect2.c sshd.c]
3407 typo
3408 - markus@cvs.openbsd.org 2000/12/27 12:30:19
3409 [readconf.c readconf.h ssh.1 sshconnect.c]
3410 new option: HostKeyAlias: allow the user to record the host key
3411 under a different name. This is useful for ssh tunneling over
3412 forwarded connections or if you run multiple sshd's on different
3413 ports on the same machine.
3414 - markus@cvs.openbsd.org 2000/12/27 11:51:53
3415 [ssh.1 ssh.c]
3416 multiple -t force pty allocation, document ORIGINAL_COMMAND
3417 - markus@cvs.openbsd.org 2000/12/27 11:41:31
3418 [sshd.8]
3419 update for ssh-2
c52c7082 3420 - (stevesk) compress.[ch] sync with openbsd; missed in prototype
3421 fix merge.
0dd78cd8 3422
8f523d67 342320001228
3424 - (bal) Patch to add libutil.h to loginrec.c only if the platform has
3425 libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
9fb76616 3426 - (djm) Update to new x11-askpass in RPM spec
0dd78cd8 3427 - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
3428 header. Patch by Tim Rice <tim@multitalents.net>
3429 - Updated TODO w/ known HP/UX issue
3430 - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
3431 bad reference to 'NeXT including it else were' on the #ifdef version.
8f523d67 3432
b03bd394 343320001227
61e96248 3434 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
b03bd394 3435 Takumi Yamane <yamtak@b-session.com>
3436 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
8f523d67 3437 by Corinna Vinschen <vinschen@redhat.com>
3438 - (djm) Fix catman-do target for non-bash
61e96248 3439 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
8f523d67 3440 Takumi Yamane <yamtak@b-session.com>
3441 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
b03bd394 3442 by Corinna Vinschen <vinschen@redhat.com>
13991f8e 3443 - (djm) Fix catman-do target for non-bash
61e96248 3444 - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
3445 - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
f318b98b 3446 'RLIMIT_NOFILE'
61e96248 3447 - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
3448 the info in COPYING.Ylonen has been moved to the start of each
3bdf55b1 3449 SSH1-derived file and README.Ylonen is well out of date.
b03bd394 3450
8d88011e 345120001223
3452 - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
3453 if a change to config.h has occurred. Suggested by Gert Doering
3454 <gert@greenie.muc.de>
3455 - (bal) OpenBSD CVS Update:
3456 - markus@cvs.openbsd.org 2000/12/22 16:49:40
3457 [ssh-keygen.c]
3458 fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
3459
1e3b8b07 346020001222
3461 - Updated RCSID for pty.c
3462 - (bal) OpenBSD CVS Updates:
3463 - markus@cvs.openbsd.org 2000/12/21 15:10:16
3464 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
3465 print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
3466 - markus@cvs.openbsd.org 2000/12/20 19:26:56
3467 [authfile.c]
3468 allow ssh -i userkey for root
3469 - markus@cvs.openbsd.org 2000/12/20 19:37:21
3470 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
3471 fix prototypes; from stevesk@pobox.com
3472 - markus@cvs.openbsd.org 2000/12/20 19:32:08
3473 [sshd.c]
3474 init pointer to NULL; report from Jan.Ivan@cern.ch
3475 - markus@cvs.openbsd.org 2000/12/19 23:17:54
3476 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
3477 auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
3478 bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
3479 crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
3480 key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
3481 packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
3482 serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
3483 ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
3484 uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
3485 replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
3486 unsigned' with u_char.
3487
67b0facb 348820001221
3489 - (stevesk) OpenBSD CVS updates:
3490 - markus@cvs.openbsd.org 2000/12/19 15:43:45
3491 [authfile.c channels.c sftp-server.c ssh-agent.c]
3492 remove() -> unlink() for consistency
3493 - markus@cvs.openbsd.org 2000/12/19 15:48:09
3494 [ssh-keyscan.c]
3495 replace <ssl/x.h> with <openssl/x.h>
3496 - markus@cvs.openbsd.org 2000/12/17 02:33:40
3497 [uidswap.c]
3498 typo; from wsanchez@apple.com
61e96248 3499
adeebd37 350020001220
61e96248 3501 - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
adeebd37 3502 and Linux-PAM. Based on report and fix from Andrew Morgan
3503 <morgan@transmeta.com>
3504
f072c47a 350520001218
3506 - (stevesk) rsa.c: entropy.h not needed.
0c2fb82f 3507 - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
3508 Suggested by Wilfredo Sanchez <wsanchez@apple.com>
f072c47a 3509
731c1541 351020001216
3511 - (stevesk) OpenBSD CVS updates:
3512 - markus@cvs.openbsd.org 2000/12/16 02:53:57
3513 [scp.c]
3514 allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
3515 - markus@cvs.openbsd.org 2000/12/16 02:39:57
3516 [scp.c]
3517 unused; from stevesk@pobox.com
3518
227e8e86 351920001215
9853409f 3520 - (stevesk) Old OpenBSD patch wasn't completely applied:
3521 - markus@cvs.openbsd.org 2000/01/24 22:11:20
3522 [scp.c]
3523 allow '.' in usernames; from jedgar@fxp.org
227e8e86 3524 - (stevesk) OpenBSD CVS updates:
3525 - markus@cvs.openbsd.org 2000/12/13 16:26:53
3526 [ssh-keyscan.c]
3527 fatal already adds \n; from stevesk@pobox.com
3528 - markus@cvs.openbsd.org 2000/12/13 16:25:44
3529 [ssh-agent.c]
3530 remove redundant spaces; from stevesk@pobox.com
3531 - ho@cvs.openbsd.org 2000/12/12 15:50:21
3532 [pty.c]
3533 When failing to set tty owner and mode on a read-only filesystem, don't
3534 abort if the tty already has correct owner and reasonably sane modes.
3535 Example; permit 'root' to login to a firewall with read-only root fs.
3536 (markus@ ok)
3537 - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
3538 [pty.c]
3539 KNF
6ffc9c88 3540 - markus@cvs.openbsd.org 2000/12/12 14:45:21
3541 [sshd.c]
3542 source port < 1024 is no longer required for rhosts-rsa since it
3543 adds no additional security.
3544 - markus@cvs.openbsd.org 2000/12/12 16:11:49
3545 [ssh.1 ssh.c]
3546 rhosts-rsa is no longer automagically disabled if ssh is not privileged.
3547 UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
3548 these changes should not change the visible default behaviour of the ssh client.
71c0d06a 3549 - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
3550 [scp.c]
3551 when copying 0-sized files, do not re-print ETA time at completion
3e1caa83 3552 - provos@cvs.openbsd.org 2000/12/15 10:30:15
3553 [kex.c kex.h sshconnect2.c sshd.c]
3554 compute diffie-hellman in parallel between server and client. okay markus@
227e8e86 3555
6c935fbd 355620001213
3557 - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
3558 from Andreas M. Kirchwitz <amk@krell.zikzak.de>
227e8e86 3559 - (stevesk) OpenBSD CVS update:
1fe6a48f 3560 - markus@cvs.openbsd.org 2000/12/12 15:30:02
3561 [ssh-keyscan.c ssh.c sshd.c]
61e96248 3562 consistently use __progname; from stevesk@pobox.com
6c935fbd 3563
367d1840 356420001211
3565 - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
3566 patch to install ssh-keyscan manpage. Patch by Pekka Savola
3567 <pekka@netcore.fi>
e3a70753 3568 - (bal) OpenbSD CVS update
3569 - markus@cvs.openbsd.org 2000/12/10 17:01:53
3570 [sshconnect1.c]
3571 always request new challenge for skey/tis-auth, fixes interop with
3572 other implementations; report from roth@feep.net
367d1840 3573
6b523bae 357420001210
3575 - (bal) OpenBSD CVS updates
61e96248 3576 - markus@cvs.openbsd.org 2000/12/09 13:41:51
6b523bae 3577 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
3578 undo rijndael changes
61e96248 3579 - markus@cvs.openbsd.org 2000/12/09 13:48:31
6b523bae 3580 [rijndael.c]
3581 fix byte order bug w/o introducing new implementation
61e96248 3582 - markus@cvs.openbsd.org 2000/12/09 14:08:27
6b523bae 3583 [sftp-server.c]
3584 "" -> "." for realpath; from vinschen@redhat.com
61e96248 3585 - markus@cvs.openbsd.org 2000/12/09 14:06:54
6b523bae 3586 [ssh-agent.c]
3587 extern int optind; from stevesk@sweden.hp.com
13af0aa2 3588 - provos@cvs.openbsd.org 2000/12/09 23:51:11
3589 [compat.c]
3590 remove unnecessary '\n'
6b523bae 3591
ce9c0b75 359220001209
6b523bae 3593 - (bal) OpenBSD CVS updates:
61e96248 3594 - djm@cvs.openbsd.org 2000/12/07 4:24:59
ce9c0b75 3595 [ssh.1]
3596 Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
3597
f72fc97f 359820001207
6b523bae 3599 - (bal) OpenBSD CVS updates:
61e96248 3600 - markus@cvs.openbsd.org 2000/12/06 22:58:14
f72fc97f 3601 [compat.c compat.h packet.c]
3602 disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
dfe89252 3603 - markus@cvs.openbsd.org 2000/12/06 23:10:39
3604 [rijndael.c]
3605 unexpand(1)
61e96248 3606 - markus@cvs.openbsd.org 2000/12/06 23:05:43
dfe89252 3607 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
3608 new rijndael implementation. fixes endian bugs
f72fc97f 3609
97fb6912 361020001206
6b523bae 3611 - (bal) OpenBSD CVS updates:
97fb6912 3612 - markus@cvs.openbsd.org 2000/12/05 20:34:09
3613 [channels.c channels.h clientloop.c serverloop.c]
3614 async connects for -R/-L; ok deraadt@
3615 - todd@cvs.openssh.org 2000/12/05 16:47:28
3616 [sshd.c]
3617 tweak comment to reflect real location of pid file; ok provos@
bf5f69f7 3618 - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
3619 have it (used in ssh-keyscan).
227e8e86 3620 - (stevesk) OpenBSD CVS update:
f20255cb 3621 - markus@cvs.openbsd.org 2000/12/06 19:57:48
3622 [ssh-keyscan.c]
3623 err(3) -> internal error(), from stevesk@sweden.hp.com
97fb6912 3624
f6fdbddf 362520001205
6b523bae 3626 - (bal) OpenBSD CVS updates:
f6fdbddf 3627 - markus@cvs.openbsd.org 2000/12/04 19:24:02
3628 [ssh-keyscan.c ssh-keyscan.1]
3629 David Maziere's ssh-keyscan, ok niels@
3630 - (bal) Updated Makefile.in to include ssh-keyscan that was just added
3631 to the recent OpenBSD source tree.
835d2104 3632 - (stevesk) fix typos in contrib/hpux/README
f6fdbddf 3633
cbc5abf9 363420001204
3635 - (bal) More C functions defined in NeXT that are unaccessable without
61e96248 3636 defining -POSIX.
3637 - (bal) OpenBSD CVS updates:
3638 - markus@cvs.openbsd.org 2000/12/03 11:29:04
cbc5abf9 3639 [compat.c]
3640 remove fallback to SSH_BUG_HMAC now that the drafts are updated
3641 - markus@cvs.openbsd.org 2000/12/03 11:27:55
3642 [compat.c]
61e96248 3643 correctly match "2.1.0.pl2 SSH" etc; from
97fb6912 3644 pekkas@netcore.fi/bugzilla.redhat
cbc5abf9 3645 - markus@cvs.openbsd.org 2000/12/03 11:15:03
3646 [auth2.c compat.c compat.h sshconnect2.c]
3647 support f-secure/ssh.com 2.0.12; ok niels@
3648
0b6fbf03 364920001203
cbc5abf9 3650 - (bal) OpenBSD CVS updates:
0b6fbf03 3651 - markus@cvs.openbsd.org 2000/11/30 22:54:31
3652 [channels.c]
61e96248 3653 debug->warn if tried to do -R style fwd w/o client requesting this;
0b6fbf03 3654 ok neils@
3655 - markus@cvs.openbsd.org 2000/11/29 20:39:17
3656 [cipher.c]
3657 des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
3658 - markus@cvs.openbsd.org 2000/11/30 18:33:05
3659 [ssh-agent.c]
3660 agents must not dump core, ok niels@
61e96248 3661 - markus@cvs.openbsd.org 2000/11/30 07:04:02
0b6fbf03 3662 [ssh.1]
3663 T is for both protocols
3664 - markus@cvs.openbsd.org 2000/12/01 00:00:51
3665 [ssh.1]
3666 typo; from green@FreeBSD.org
3667 - markus@cvs.openbsd.org 2000/11/30 07:02:35
3668 [ssh.c]
3669 check -T before isatty()
3670 - provos@cvs.openbsd.org 2000/11/29 13:51:27
3671 [sshconnect.c]
61e96248 3672 show IP address and hostname when new key is encountered. okay markus@
0b6fbf03 3673 - markus@cvs.openbsd.org 2000/11/30 22:53:35
3674 [sshconnect.c]
3675 disable agent/x11/port fwding if hostkey has changed; ok niels@
3676 - marksu@cvs.openbsd.org 2000/11/29 21:11:59
3677 [sshd.c]
3678 sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
3679 from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
8c9fe09e 3680 - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
3681 PAM authentication using KbdInteractive.
3682 - (djm) Added another TODO
0b6fbf03 3683
90f4078a 368420001202
3685 - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
61e96248 3686 - (bal) Irix need some sort of mansubdir, patch by Michael Stone
90f4078a 3687 <mstone@cs.loyola.edu>
3688
dcef6523 368920001129
7062c40f 3690 - (djm) Back out all the serverloop.c hacks. sshd will now hang again
3691 if there are background children with open fds.
c193d002 3692 - (djm) bsd-rresvport.c bzero -> memset
61e96248 3693 - (djm) Don't fail in defines.h on absence of 64 bit types (we will
c193d002 3694 still fail during compilation of sftp-server).
3695 - (djm) Fail if ar is not found during configure
c523303b 3696 - (djm) OpenBSD CVS updates:
3697 - provos@cvs.openbsd.org 2000/11/22 08:38:31
3698 [sshd.8]
3699 talk about /etc/primes, okay markus@
3700 - markus@cvs.openbsd.org 2000/11/23 14:03:48
3701 [ssh.c sshconnect1.c sshconnect2.c]
3702 complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
3703 defaults
3704 - markus@cvs.openbsd.org 2000/11/25 09:42:53
3705 [sshconnect1.c]
3706 reorder check for illegal ciphers, bugreport from espie@
3707 - markus@cvs.openbsd.org 2000/11/25 10:19:34
3708 [ssh-keygen.c ssh.h]
3709 print keytype when generating a key.
3710 reasonable defaults for RSA1/RSA/DSA keys.
b3ec54b4 3711 - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
3712 more manpage paths in fixpaths calls
3713 - (djm) Also add xauth path at Pekka's suggestion.
57ce3f00 3714 - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
dcef6523 3715
e879a080 371620001125
3717 - (djm) Give up privs when reading seed file
3718
d343d900 371920001123
3720 - (bal) Merge OpenBSD changes:
3721 - markus@cvs.openbsd.org 2000/11/15 22:31:36
3722 [auth-options.c]
61e96248 3723 case insensitive key options; from stevesk@sweeden.hp.com
d343d900 3724 - markus@cvs.openbsd.org 2000/11/16 17:55:43
3725 [dh.c]
3726 do not use perror() in sshd, after child is forked()
3727 - markus@cvs.openbsd.org 2000/11/14 23:42:40
3728 [auth-rsa.c]
3729 parse option only if key matches; fix some confusing seen by the client
3730 - markus@cvs.openbsd.org 2000/11/14 23:44:19
3731 [session.c]
3732 check no_agent_forward_flag for ssh-2, too
3733 - markus@cvs.openbsd.org 2000/11/15
3734 [ssh-agent.1]
3735 reorder SYNOPSIS; typo, use .It
3736 - markus@cvs.openbsd.org 2000/11/14 23:48:55
3737 [ssh-agent.c]
3738 do not reorder keys if a key is removed
3739 - markus@cvs.openbsd.org 2000/11/15 19:58:08
3740 [ssh.c]
61e96248 3741 just ignore non existing user keys
d343d900 3742 - millert@cvs.openbsd.org 200/11/15 20:24:43
3743 [ssh-keygen.c]
3744 Add missing \n at end of error message.
3745
0b49a754 374620001122
3747 - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
3748 are compilable.
3749 - (bal) Updated TODO as of 11/18/2000 with known things to resolve.
3750
fab2e5d3 375120001117
3752 - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
3753 has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com>
61e96248 3754 - (stevesk) Reworked progname support.
260d427b 3755 - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
3756 Shinichi Maruyama <marya@st.jip.co.jp>
fab2e5d3 3757
c2207f11 375820001116
3759 - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO
3760 releases.
3761 - (bal) Make builds work outside of source tree. Patch by Mark D. Roth
3762 <roth@feep.net>
3763
3d398e04 376420001113
61e96248 3765 - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
3d398e04 3766 contrib/README
fa08c86b 3767 - (djm) Merge OpenBSD changes:
3768 - markus@cvs.openbsd.org 2000/11/06 16:04:56
3769 [channels.c channels.h clientloop.c nchan.c serverloop.c]
3770 [session.c ssh.c]
3771 agent forwarding and -R for ssh2, based on work from
3772 jhuuskon@messi.uku.fi
3773 - markus@cvs.openbsd.org 2000/11/06 16:13:27
3774 [ssh.c sshconnect.c sshd.c]
3775 do not disabled rhosts(rsa) if server port > 1024; from
3776 pekkas@netcore.fi
3777 - markus@cvs.openbsd.org 2000/11/06 16:16:35
3778 [sshconnect.c]
3779 downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
3780 - markus@cvs.openbsd.org 2000/11/09 18:04:40
3781 [auth1.c]
3782 typo; from mouring@pconline.com
3783 - markus@cvs.openbsd.org 2000/11/12 12:03:28
3784 [ssh-agent.c]
3785 off-by-one when removing a key from the agent
3786 - markus@cvs.openbsd.org 2000/11/12 12:50:39
3787 [auth-rh-rsa.c auth2.c authfd.c authfd.h]
3788 [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
3789 [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
3790 [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
3791 [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
61e96248 3792 [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
fa08c86b 3793 add support for RSA to SSH2. please test.
3794 there are now 3 types of keys: RSA1 is used by ssh-1 only,
3795 RSA and DSA are used by SSH2.
3796 you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
3797 keys for SSH2 and use the RSA keys for hostkeys or for user keys.
3798 SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
3799 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
f001465f 3800 - (djm) Change to interim version
5733a41a 3801 - (djm) Fix RPM spec file stupidity
6fff1ac4 3802 - (djm) fixpaths to DSA and RSA keys too
3d398e04 3803
d287c664 380420001112
3805 - (bal) SCO Patch to add needed libraries for configure.in. Patch by
3806 Phillips Porch <root@theporch.com>
3d398e04 3807 - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker
3808 <dcp@sgi.com>
a3bf38d0 3809 - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to
3810 failed ioctl(TIOCSCTTY) call.
d287c664 3811
3c4d4fef 381220001111
3813 - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
3814 packaging files
35325fd4 3815 - (djm) Fix new Makefile.in warnings
61e96248 3816 - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
3817 promoted to type int. Report and fix from Dan Astoorian
027bf205 3818 <djast@cs.toronto.edu>
61e96248 3819 - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
e3291159 3820 it wrong. Report from Bennett Todd <bet@rahul.net>
3c4d4fef 3821
3e366738 382220001110
3823 - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
3824 - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
3825 - (bal) Added in check to verify S/Key library is being detected in
3826 configure.in
61e96248 3827 - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
3e366738 3828 Patch by Mark Miller <markm@swoon.net>
3829 - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
61e96248 3830 to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net>
3e366738 3831 - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs
3832
373998a4 383320001107
e506ee73 3834 - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
3835 Mark Miller <markm@swoon.net>
373998a4 3836 - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by
3837 Jarno Huuskonen <jhuuskon@messi.uku.fi>
e506ee73 3838 - (bal) fixpaths fixed to stop it from quitely failing. Patch by
3839 Mark D. Roth <roth@feep.net>
373998a4 3840
ac89998a 384120001106
3842 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
6c09e23c 3843 - (djm) Manually fix up missed diff hunks (mainly RCS idents)
61e96248 3844 - (djm) Remove UPGRADING document in favour of a link to the better
d6846e6a 3845 maintained FAQ on www.openssh.com
73bd30fe 3846 - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
3847 <pekkas@netcore.fi>
3848 - (djm) Don't need X11-askpass in RPM spec file if building without it
3849 from Pekka Savola <pekkas@netcore.fi>
c215ba3b 3850 - (djm) Release 2.3.0p1
97b378bf 3851 - (bal) typo in configure.in in regards to --with-ldflags from Marko
3852 Asplund <aspa@kronodoc.fi>
3853 - (bal) fixed next-posix.h. Forgot prototype of getppid().
68f189a9 3854
b850ecd9 385520001105
3856 - (bal) Sync with OpenBSD:
3857 - markus@cvs.openbsd.org 2000/10/31 9:31:58
3858 [compat.c]
3859 handle all old openssh versions
3860 - markus@cvs.openbsd.org 2000/10/31 13:1853
3861 [deattack.c]
3862 so that large packets do not wrap "n"; from netbsd
3863 - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
a30ce26d 3864 - (bal) auth2-skey.c - Checked in. Missing from portable tree.
3865 - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
3866 setsid() into more common files
96054e6f 3867 - (stevesk) pty.c: use __hpux to identify HP-UX.
d0127657 3868 - (bal) Missed auth-skey.o in Makefile.in and minor correction to
3869 bsd-waitpid.c
b850ecd9 3870
75b90ced 387120001029
3872 - (stevesk) Fix typo in auth.c: USE_PAM not PAM
95273555 3873 - (stevesk) Create contrib/cygwin/ directory; patch from
3874 Corinna Vinschen <vinschen@redhat.com>
e9e4a1c7 3875 - (bal) Resolved more $xno and $xyes issues in configure.in
fd5f0295 3876 - (bal) next-posix.h - spelling and forgot a prototype
75b90ced 3877
344f2b94 387820001028
61e96248 3879 - (djm) fix select hack in serverloop.c from Philippe WILLEM
344f2b94 3880 <Philippe.WILLEM@urssaf.fr>
240ae474 3881 - (djm) Fix mangled AIXAUTHENTICATE code
61e96248 3882 - (djm) authctxt->pw may be NULL. Fix from Markus Friedl
606ea390 3883 <markus.friedl@informatik.uni-erlangen.de>
a22aff1f 3884 - (djm) Sync with OpenBSD:
3885 - markus@cvs.openbsd.org 2000/10/16 15:46:32
3886 [ssh.1]
3887 fixes from pekkas@netcore.fi
3888 - markus@cvs.openbsd.org 2000/10/17 14:28:11
3889 [atomicio.c]
3890 return number of characters processed; ok deraadt@
3891 - markus@cvs.openbsd.org 2000/10/18 12:04:02
3892 [atomicio.c]
3893 undo
3894 - markus@cvs.openbsd.org 2000/10/18 12:23:02
3895 [scp.c]
3896 replace atomicio(read,...) with read(); ok deraadt@
3897 - markus@cvs.openbsd.org 2000/10/18 12:42:00
3898 [session.c]
3899 restore old record login behaviour
3900 - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
3901 [auth-skey.c]
3902 fmt string problem in unused code
3903 - provos@cvs.openbsd.org 2000/10/19 10:45:16
3904 [sshconnect2.c]
3905 don't reference freed memory. okay deraadt@
3906 - markus@cvs.openbsd.org 2000/10/21 11:04:23
3907 [canohost.c]
3908 typo, eramore@era-t.ericsson.se; ok niels@
3909 - markus@cvs.openbsd.org 2000/10/23 13:31:55
3910 [cipher.c]
3911 non-alignment dependent swap_bytes(); from
3912 simonb@wasabisystems.com/netbsd
3913 - markus@cvs.openbsd.org 2000/10/26 12:38:28
3914 [compat.c]
3915 add older vandyke products
3916 - markus@cvs.openbsd.org 2000/10/27 01:32:19
3917 [channels.c channels.h clientloop.c serverloop.c session.c]
3918 [ssh.c util.c]
61e96248 3919 enable non-blocking IO on channels, and tty's (except for the
a22aff1f 3920 client ttys).
344f2b94 3921
ddc49b5c 392220001027
3923 - (djm) Increase REKEY_BYTES to 2^24 for arc4random
3924
48e7916f 392520001025
3926 - (djm) Added WARNING.RNG file and modified configure to ask users of the
3927 builtin entropy code to read it.
3928 - (djm) Prefer builtin regex to PCRE.
00937921 3929 - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
3930 - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
3931 <proski@gnu.org>
48e7916f 3932
8dcda1e3 393320001020
3934 - (djm) Don't define _REENTRANT for SNI/Reliant Unix
07bee9a7 3935 - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation
3936 is more correct then current version.
8dcda1e3 3937
f5af5cd5 393820001018
3939 - (stevesk) Add initial support for setproctitle(). Current
3940 support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
134fd7f6 3941 - (stevesk) Add egd startup scripts to contrib/hpux/
f5af5cd5 3942
2f31bdd6 394320001017
3944 - (djm) Add -lregex to cywin libs from Corinna Vinschen
3945 <vinschen@cygnus.com>
ba7a3f40 3946 - (djm) Don't rely on atomicio's retval to determine length of askpass
3947 supplied passphrase. Problem report from Lutz Jaenicke
3948 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
66d6c27e 3949 - (bal) Changed from GNU rx to PCRE on suggestion from djm.
61e96248 3950 - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
66d6c27e 3951 <nakaji@tutrp.tut.ac.jp>
2f31bdd6 3952
33de75a3 395320001016
3954 - (djm) Sync with OpenBSD:
3955 - markus@cvs.openbsd.org 2000/10/14 04:01:15
3956 [cipher.c]
3957 debug3
3958 - markus@cvs.openbsd.org 2000/10/14 04:07:23
3959 [scp.c]
3960 remove spaces from arguments; from djm@mindrot.org
3961 - markus@cvs.openbsd.org 2000/10/14 06:09:46
3962 [ssh.1]
3963 Cipher is for SSH-1 only
3964 - markus@cvs.openbsd.org 2000/10/14 06:12:09
3965 [servconf.c servconf.h serverloop.c session.c sshd.8]
3966 AllowTcpForwarding; from naddy@
3967 - markus@cvs.openbsd.org 2000/10/14 06:16:56
3968 [auth2.c compat.c compat.h sshconnect2.c version.h]
61e96248 3969 OpenSSH_2.3; note that is is not complete, but the version number
33de75a3 3970 needs to be changed for interoperability reasons
3971 - markus@cvs.openbsd.org 2000/10/14 06:19:45
3972 [auth-rsa.c]
3973 do not send RSA challenge if key is not allowed by key-options; from
3974 eivind@ThinkSec.com
3975 - markus@cvs.openbsd.org 2000/10/15 08:14:01
3976 [rijndael.c session.c]
3977 typos; from stevesk@sweden.hp.com
3978 - markus@cvs.openbsd.org 2000/10/15 08:18:31
3979 [rijndael.c]
3980 typo
61e96248 3981 - (djm) Copy manpages back over from OpenBSD - too tedious to wade
30d8b039 3982 through diffs
61e96248 3983 - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
30d8b039 3984 <pekkas@netcore.fi>
aa0289fe 3985 - (djm) Update version in Redhat spec file
61e96248 3986 - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
aa0289fe 3987 Redhat 7.0 spec file
5b2d4b75 3988 - (djm) Make inability to read/write PRNG seedfile non-fatal
3989
33de75a3 3990
4d670c24 399120001015
3992 - (djm) Fix ssh2 hang on background processes at logout.
3993
71dfaf1c 399420001014
443172c4 3995 - (bal) Add support for realpath and getcwd for platforms with broken
3996 or missing realpath implementations for sftp-server.
3997 - (bal) Corrected mistake in INSTALL in regards to GNU rx library
61e96248 3998 - (bal) Add support for GNU rx library for those lacking regexp support
71dfaf1c 3999 - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
02323c45 4000 - (djm) Revert SSH2 serverloop hack, will find a better way.
4ee81249 4001 - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
4002 from Martin Johansson <fatbob@acc.umu.se>
94ec8c6b 4003 - (djm) Big OpenBSD sync:
4004 - markus@cvs.openbsd.org 2000/09/30 10:27:44
4005 [log.c]
4006 allow loglevel debug
4007 - markus@cvs.openbsd.org 2000/10/03 11:59:57
4008 [packet.c]
4009 hmac->mac
4010 - markus@cvs.openbsd.org 2000/10/03 12:03:03
4011 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
4012 move fake-auth from auth1.c to individual auth methods, disables s/key in
4013 debug-msg
4014 - markus@cvs.openbsd.org 2000/10/03 12:16:48
4015 ssh.c
4016 do not resolve canonname, i have no idea why this was added oin ossh
4017 - markus@cvs.openbsd.org 2000/10/09 15:30:44
4018 ssh-keygen.1 ssh-keygen.c
4019 -X now reads private ssh.com DSA keys, too.
4020 - markus@cvs.openbsd.org 2000/10/09 15:32:34
4021 auth-options.c
4022 clear options on every call.
4023 - markus@cvs.openbsd.org 2000/10/09 15:51:00
4024 authfd.c authfd.h
4025 interop with ssh-agent2, from <res@shore.net>
4026 - markus@cvs.openbsd.org 2000/10/10 14:20:45
4027 compat.c
4028 use rexexp for version string matching
4029 - provos@cvs.openbsd.org 2000/10/10 22:02:18
4030 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
4031 First rough implementation of the diffie-hellman group exchange. The
4032 client can ask the server for bigger groups to perform the diffie-hellman
4033 in, thus increasing the attack complexity when using ciphers with longer
4034 keys. University of Windsor provided network, T the company.
4035 - markus@cvs.openbsd.org 2000/10/11 13:59:52
4036 [auth-rsa.c auth2.c]
4037 clear auth options unless auth sucessfull
4038 - markus@cvs.openbsd.org 2000/10/11 14:00:27
4039 [auth-options.h]
4040 clear auth options unless auth sucessfull
4041 - markus@cvs.openbsd.org 2000/10/11 14:03:27
4042 [scp.1 scp.c]
4043 support 'scp -o' with help from mouring@pconline.com
4044 - markus@cvs.openbsd.org 2000/10/11 14:11:35
4045 [dh.c]
4046 Wall
4047 - markus@cvs.openbsd.org 2000/10/11 14:14:40
4048 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
4049 [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
4050 add support for s/key (kbd-interactive) to ssh2, based on work by
4051 mkiernan@avantgo.com and me
4052 - markus@cvs.openbsd.org 2000/10/11 14:27:24
4053 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
4054 [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
4055 [sshconnect2.c sshd.c]
4056 new cipher framework
4057 - markus@cvs.openbsd.org 2000/10/11 14:45:21
4058 [cipher.c]
4059 remove DES
4060 - markus@cvs.openbsd.org 2000/10/12 03:59:20
4061 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
4062 enable DES in SSH-1 clients only
4063 - markus@cvs.openbsd.org 2000/10/12 08:21:13
4064 [kex.h packet.c]
4065 remove unused
4066 - markus@cvs.openbsd.org 2000/10/13 12:34:46
4067 [sshd.c]
4068 Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
4069 - markus@cvs.openbsd.org 2000/10/13 12:59:15
4070 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
4071 rijndael/aes support
4072 - markus@cvs.openbsd.org 2000/10/13 13:10:54
4073 [sshd.8]
4074 more info about -V
4075 - markus@cvs.openbsd.org 2000/10/13 13:12:02
4076 [myproposal.h]
4077 prefer no compression
3ed32516 4078 - (djm) Fix scp user@host handling
4079 - (djm) Don't clobber ssh_prng_cmds on install
6bcf7caa 4080 - (stevesk) Include config.h in rijndael.c so we define intXX_t and
4081 u_intXX_t types on all platforms.
9ea53ba5 4082 - (stevesk) rijndael.c: cleanup missing declaration warnings.
2919e060 4083 - (stevesk) ~/.hushlogin shouldn't cause required password change to
4084 be bypassed.
f5665f6f 4085 - (stevesk) Display correct path to ssh-askpass in configure output.
4086 Report from Lutz Jaenicke.
71dfaf1c 4087
ebd782f7 408820001007
4089 - (stevesk) Print PAM return value in PAM log messages to aid
4090 with debugging.
97994d32 4091 - (stevesk) Fix detection of pw_class struct member in configure;
4092 patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
4093
47a134c1 409420001002
4095 - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
4096 - (djm) Add host system and CC to end-of-configure report. Suggested by
4097 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
4098
7322ef0e 409920000931
4100 - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>
4101
6ac7829a 410220000930
b6490dcb 4103 - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
61e96248 4104 - (djm) Support in bsd-snprintf.c for long long conversions from
772bd898 4105 Ben Lindstrom <mouring@pconline.com>
4106 - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
857040fb 4107 - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
61e96248 4108 very short lived X connections. Bug report from Tobias Oetiker
857040fb 4109 <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
bd2d7f6a 4110 - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
4111 patch from Pekka Savola <pekkas@netcore.fi>
58665035 4112 - (djm) Forgot to cvs add LICENSE file
dc2901a0 4113 - (djm) Add LICENSE to RPM spec files
de273eef 4114 - (djm) CVS OpenBSD sync:
4115 - markus@cvs.openbsd.org 2000/09/26 13:59:59
4116 [clientloop.c]
4117 use debug2
4118 - markus@cvs.openbsd.org 2000/09/27 15:41:34
4119 [auth2.c sshconnect2.c]
4120 use key_type()
4121 - markus@cvs.openbsd.org 2000/09/28 12:03:18
4122 [channels.c]
4123 debug -> debug2 cleanup
61e96248 4124 - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
2a7d529a 4125 strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
4126 <Alain.St-Denis@ec.gc.ca>
61e96248 4127 - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
4128 Problem was caused by interrupted read in ssh-add. Report from Donald
2a7d529a 4129 J. Barry <don@astro.cornell.edu>
6ac7829a 4130
c5d85828 413120000929
4132 - (djm) Fix SSH2 not terminating until all background tasks done problem.
61e96248 4133 - (djm) Another off-by-one fix from Pavel Kankovsky
4134 <peak@argo.troja.mff.cuni.cz>
22d89d24 4135 - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
4136 tidy necessary differences. Use Markus' new debugN() in entropy.c
61e96248 4137 - (djm) Merged big SCO portability patch from Tim Rice
77bb0bca 4138 <tim@multitalents.net>
c5d85828 4139
6fd7f731 414020000926
4141 - (djm) Update X11-askpass to 1.0.2 in RPM spec file
c5ae7384 4142 - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
61e96248 4143 - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
4144 Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
6fd7f731 4145
2f125ca1 414620000924
4147 - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
4148 - (djm) A bit more cleanup - created cygwin_util.h
bcdaaeab 4149 - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
4150 <markm@swoon.net>
2f125ca1 4151
764d4113 415220000923
61e96248 4153 - (djm) Fix address logging in utmp from Kevin Steves
764d4113 4154 <stevesk@sweden.hp.com>
777319db 4155 - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
bd590612 4156 - (djm) Seperate tests for int64_t and u_int64_t types
61e96248 4157 - (djm) Tweak password expiry checking at suggestion of Kevin Steves
37c1c46d 4158 <stevesk@sweden.hp.com>
e79b44e1 4159 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
61e96248 4160 - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
e2144f11 4161 Michael Stone <mstone@cs.loyola.edu>
188adeb2 4162 - (djm) OpenBSD CVS sync:
4163 - markus@cvs.openbsd.org 2000/09/17 09:38:59
4164 [sshconnect2.c sshd.c]
4165 fix DEBUG_KEXDH
4166 - markus@cvs.openbsd.org 2000/09/17 09:52:51
4167 [sshconnect.c]
4168 yes no; ok niels@
4169 - markus@cvs.openbsd.org 2000/09/21 04:55:11
4170 [sshd.8]
4171 typo
4172 - markus@cvs.openbsd.org 2000/09/21 05:03:54
4173 [serverloop.c]
4174 typo
4175 - markus@cvs.openbsd.org 2000/09/21 05:11:42
4176 scp.c
4177 utime() to utimes(); mouring@pconline.com
4178 - markus@cvs.openbsd.org 2000/09/21 05:25:08
4179 sshconnect2.c
4180 change login logic in ssh2, allows plugin of other auth methods
4181 - markus@cvs.openbsd.org 2000/09/21 05:25:35
4182 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
4183 [serverloop.c]
4184 add context to dispatch_run
4185 - markus@cvs.openbsd.org 2000/09/21 05:07:52
4186 authfd.c authfd.h ssh-agent.c
4187 bug compat for old ssh.com software
764d4113 4188
7f377177 418920000920
4190 - (djm) Fix bad path substitution. Report from Andrew Miner
4191 <asminer@cs.iastate.edu>
4192
bcbf86ec 419320000916
61e96248 4194 - (djm) Fix SSL search order from Lutz Jaenicke
7950bf97 4195 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
19ece6d2 4196 - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
9cd45ea4 4197 - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
995edaac 4198 - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
4199 Patch from Larry Jones <larry.jones@sdrc.com>
61e96248 4200 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
ad55cd03 4201 password change patch.
4202 - (djm) Bring licenses on my stuff in line with OpenBSD's
0bbfbdeb 4203 - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
4204 Kevin Steves <stevesk@sweden.hp.com>
7f8f5e00 4205 - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
4206 - (djm) Re-enable int64_t types - we need them for sftp
4207 - (djm) Use libexecdir from configure , rather than libexecdir/ssh
4208 - (djm) Update Redhat SPEC file accordingly
4209 - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
4210 - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
61e96248 4211 - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
7f8f5e00 4212 <Dirk.DeWachter@rug.ac.be>
61e96248 4213 - (djm) Fixprogs and entropy list fixes from Larry Jones
7f8f5e00 4214 <larry.jones@sdrc.com>
4215 - (djm) Fix for SuSE spec file from Takashi YOSHIDA
4216 <tyoshida@gemini.rc.kyushu-u.ac.jp>
bcbf86ec 4217 - (djm) Merge OpenBSD changes:
4218 - markus@cvs.openbsd.org 2000/09/05 02:59:57
4219 [session.c]
4220 print hostname (not hushlogin)
4221 - markus@cvs.openbsd.org 2000/09/05 13:18:48
4222 [authfile.c ssh-add.c]
4223 enable ssh-add -d for DSA keys
4224 - markus@cvs.openbsd.org 2000/09/05 13:20:49
4225 [sftp-server.c]
4226 cleanup
4227 - markus@cvs.openbsd.org 2000/09/06 03:46:41
4228 [authfile.h]
4229 prototype
4230 - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
4231 [ALL]
61e96248 4232 cleanup copyright notices on all files. I have attempted to be
4233 accurate with the details. everything is now under Tatu's licence
4234 (which I copied from his readme), and/or the core-sdi bsd-ish thing
4235 for deattack, or various openbsd developers under a 2-term bsd
bcbf86ec 4236 licence. We're not changing any rules, just being accurate.
4237 - markus@cvs.openbsd.org 2000/09/07 14:40:30
4238 [channels.c channels.h clientloop.c serverloop.c ssh.c]
4239 cleanup window and packet sizes for ssh2 flow control; ok niels
4240 - markus@cvs.openbsd.org 2000/09/07 14:53:00
4241 [scp.c]
4242 typo
4243 - markus@cvs.openbsd.org 2000/09/07 15:13:37
4244 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
4245 [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
4246 [pty.c readconf.c]
4247 some more Copyright fixes
4248 - markus@cvs.openbsd.org 2000/09/08 03:02:51
4249 [README.openssh2]
4250 bye bye
4251 - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
4252 [LICENCE cipher.c]
4253 a few more comments about it being ARC4 not RC4
4254 - markus@cvs.openbsd.org 2000/09/12 14:53:11
4255 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
4256 multiple debug levels
4257 - markus@cvs.openbsd.org 2000/09/14 14:25:15
4258 [clientloop.c]
4259 typo
4260 - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
4261 [ssh-agent.c]
4262 check return value for setenv(3) for failure, and deal appropriately
4263
deb8d717 426420000913
4265 - (djm) Fix server not exiting with jobs in background.
4266
b5e300c2 426720000905
4268 - (djm) Import OpenBSD CVS changes
4269 - markus@cvs.openbsd.org 2000/08/31 15:52:24
4270 [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
4271 implement a SFTP server. interops with sftp2, scp2 and the windows
4272 client from ssh.com
4273 - markus@cvs.openbsd.org 2000/08/31 15:56:03
4274 [README.openssh2]
4275 sync
4276 - markus@cvs.openbsd.org 2000/08/31 16:05:42
4277 [session.c]
4278 Wall
4279 - markus@cvs.openbsd.org 2000/08/31 16:09:34
4280 [authfd.c ssh-agent.c]
4281 add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
4282 - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
4283 [scp.1 scp.c]
4284 cleanup and fix -S support; stevesk@sweden.hp.com
4285 - markus@cvs.openbsd.org 2000/09/01 16:29:32
4286 [sftp-server.c]
4287 portability fixes
4288 - markus@cvs.openbsd.org 2000/09/01 16:32:41
4289 [sftp-server.c]
4290 fix cast; mouring@pconline.com
4291 - itojun@cvs.openbsd.org 2000/09/03 09:23:28
4292 [ssh-add.1 ssh.1]
4293 add missing .El against .Bl.
4294 - markus@cvs.openbsd.org 2000/09/04 13:03:41
4295 [session.c]
4296 missing close; ok theo
4297 - markus@cvs.openbsd.org 2000/09/04 13:07:21
4298 [session.c]
4299 fix get_last_login_time order; from andre@van-veen.de
4300 - markus@cvs.openbsd.org 2000/09/04 13:10:09
4301 [sftp-server.c]
4302 more cast fixes; from mouring@pconline.com
4303 - markus@cvs.openbsd.org 2000/09/04 13:06:04
4304 [session.c]
4305 set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
4306 - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
3c62e7eb 4307 - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
4308
1e61f54a 430920000903
4310 - (djm) Fix Redhat init script
4311
c80876b4 431220000901
4313 - (djm) Pick up Jim's new X11-askpass
4314 - (djm) Release 2.2.0p1
4315
8b4a0d08 431620000831
bcbf86ec 4317 - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
8b4a0d08 4318 <acox@cv.telegroup.com>
b817711d 4319 - (djm) Pick up new version (2.2.0) from OpenBSD CVS
8b4a0d08 4320
0b65b628 432120000830
4322 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
10fa00c8 4323 - (djm) Periodically rekey arc4random
4324 - (djm) Clean up diff against OpenBSD.
bcbf86ec 4325 - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
2b10f47a 4326 <stevesk@sweden.hp.com>
b33a2e6e 4327 - (djm) Quieten the pam delete credentials error message
44839801 4328 - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
4329 Kevin Steves <stevesk@sweden.hp.com>
84a770d1 4330 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
7efa2776 4331 - (djm) Fix doh in bsd-arc4random.c
0b65b628 4332
9aaf9be4 433320000829
bcbf86ec 4334 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
4335 Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
9aaf9be4 4336 Garrick James <garrick@james.net>
b5f90139 4337 - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
4338 Bastian Trompetter <btrompetter@firemail.de>
698d107e 4339 - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
14a9a859 4340 - More OpenBSD updates:
4341 - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
4342 [scp.c]
4343 off_t in sink, to fix files > 2GB, i think, test is still running ;-)
4344 - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
4345 [session.c]
4346 Wall
4347 - markus@cvs.openbsd.org 2000/08/26 04:33:43
4348 [compat.c]
4349 ssh.com-2.3.0
4350 - markus@cvs.openbsd.org 2000/08/27 12:18:05
4351 [compat.c]
4352 compatibility with future ssh.com versions
4353 - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
4354 [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
4355 print uid/gid as unsigned
4356 - markus@cvs.openbsd.org 2000/08/28 13:51:00
4357 [ssh.c]
4358 enable -n and -f for ssh2
4359 - markus@cvs.openbsd.org 2000/08/28 14:19:53
4360 [ssh.c]
4361 allow combination of -N and -f
4362 - markus@cvs.openbsd.org 2000/08/28 14:20:56
4363 [util.c]
4364 util.c
4365 - markus@cvs.openbsd.org 2000/08/28 14:22:02
4366 [util.c]
4367 undo
4368 - markus@cvs.openbsd.org 2000/08/28 14:23:38
4369 [util.c]
4370 don't complain if setting NONBLOCK fails with ENODEV
9aaf9be4 4371
137d7b6c 437220000823
4373 - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
bcbf86ec 4374 Avoids "scp never exits" problem. Reports from Lutz Jaenicke
4375 <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
137d7b6c 4376 <kajiyama@grad.sccs.chukyo-u.ac.jp>
2e73a022 4377 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
da40ab4d 4378 - (djm) Add local version to version.h
ea788c22 4379 - (djm) Don't reseed arc4random everytime it is used
2e73a022 4380 - (djm) OpenBSD CVS updates:
4381 - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
4382 [ssh.c]
4383 accept remsh as a valid name as well; roman@buildpoint.com
4384 - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
4385 [deattack.c crc32.c packet.c]
4386 rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
4387 libz crc32 function yet, because it has ugly "long"'s in it;
4388 oneill@cs.sfu.ca
4389 - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
4390 [scp.1 scp.c]
4391 -S prog support; tv@debian.org
4392 - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
4393 [scp.c]
4394 knf
4395 - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
4396 [log-client.c]
4397 shorten
4398 - markus@cvs.openbsd.org 2000/08/19 12:48:11
4399 [channels.c channels.h clientloop.c ssh.c ssh.h]
4400 support for ~. in ssh2
4401 - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
4402 [crc32.h]
4403 proper prototype
4404 - markus@cvs.openbsd.org 2000/08/19 15:34:44
bcbf86ec 4405 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
4406 [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
2e73a022 4407 [fingerprint.c fingerprint.h]
4408 add SSH2/DSA support to the agent and some other DSA related cleanups.
4409 (note that we cannot talk to ssh.com's ssh2 agents)
4410 - markus@cvs.openbsd.org 2000/08/19 15:55:52
4411 [channels.c channels.h clientloop.c]
4412 more ~ support for ssh2
4413 - markus@cvs.openbsd.org 2000/08/19 16:21:19
4414 [clientloop.c]
4415 oops
4416 - millert@cvs.openbsd.org 2000/08/20 12:25:53
4417 [session.c]
4418 We have to stash the result of get_remote_name_or_ip() before we
4419 close our socket or getpeername() will get EBADF and the process
4420 will exit. Only a problem for "UseLogin yes".
4421 - millert@cvs.openbsd.org 2000/08/20 12:30:59
4422 [session.c]
4423 Only check /etc/nologin if "UseLogin no" since login(1) may have its
4424 own policy on determining who is allowed to login when /etc/nologin
4425 is present. Also use the _PATH_NOLOGIN define.
4426 - millert@cvs.openbsd.org 2000/08/20 12:42:43
4427 [auth1.c auth2.c session.c ssh.c]
4428 Add calls to setusercontext() and login_get*(). We basically call
4429 setusercontext() in most places where previously we did a setlogin().
4430 Add default login.conf file and put root in the "daemon" login class.
4431 - millert@cvs.openbsd.org 2000/08/21 10:23:31
4432 [session.c]
4433 Fix incorrect PATH setting; noted by Markus.
137d7b6c 4434
c345cf9d 443520000818
4436 - (djm) OpenBSD CVS changes:
4437 - markus@cvs.openbsd.org 2000/07/22 03:14:37
4438 [servconf.c servconf.h sshd.8 sshd.c sshd_config]
4439 random early drop; ok theo, niels
4440 - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
4441 [ssh.1]
4442 typo
4443 - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
4444 [sshd.8]
4445 many fixes from pepper@mail.reppep.com
4446 - provos@cvs.openbsd.org 2000/08/01 13:01:42
4447 [Makefile.in util.c aux.c]
4448 rename aux.c to util.c to help with cygwin port
4449 - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
4450 [authfd.c]
4451 correct sun_len; Alexander@Leidinger.net
4452 - provos@cvs.openbsd.org 2000/08/02 10:27:17
4453 [readconf.c sshd.8]
4454 disable kerberos authentication by default
4455 - provos@cvs.openbsd.org 2000/08/02 11:27:05
4456 [sshd.8 readconf.c auth-krb4.c]
4457 disallow kerberos authentication if we can't verify the TGT; from
4458 dugsong@
4459 kerberos authentication is on by default only if you have a srvtab.
4460 - markus@cvs.openbsd.org 2000/08/04 14:30:07
4461 [auth.c]
4462 unused
4463 - markus@cvs.openbsd.org 2000/08/04 14:30:35
4464 [sshd_config]
4465 MaxStartups
4466 - markus@cvs.openbsd.org 2000/08/15 13:20:46
4467 [authfd.c]
4468 cleanup; ok niels@
4469 - markus@cvs.openbsd.org 2000/08/17 14:05:10
4470 [session.c]
4471 cleanup login(1)-like jobs, no duplicate utmp entries
4472 - markus@cvs.openbsd.org 2000/08/17 14:06:34
4473 [session.c sshd.8 sshd.c]
4474 sshd -u len, similar to telnetd
1a022229 4475 - (djm) Lastlog was not getting closed after writing login entry
39987cc0 4476 - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
c345cf9d 4477
416ed5a7 447820000816
4479 - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
bcbf86ec 4480 - (djm) Fix strerror replacement for old SunOS. Based on patch from
416ed5a7 4481 Charles Levert <charles@comm.polymtl.ca>
bcbf86ec 4482 - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
416ed5a7 4483 implementation.
ba606eb2 4484 - (djm) SUN_LEN macro for systems which lack it
416ed5a7 4485
dbaa2e87 448620000815
4487 - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
cd352c82 4488 - (djm) Avoid failures on Irix when ssh is not setuid. Fix from
4489 Michael Stone <mstone@cs.loyola.edu>
d93a7e5a 4490 - (djm) Don't seek in directory based lastlogs
bcbf86ec 4491 - (djm) Fix --with-ipaddr-display configure option test. Patch from
d93a7e5a 4492 Jarno Huuskonen <jhuuskon@messi.uku.fi>
2a2cb9e7 4493 - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
dbaa2e87 4494
6c33bf70 449520000813
4496 - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
4497 Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
4498
3fcce26c 449920000809
bcbf86ec 4500 - (djm) Define AIX hard limits if headers don't. Report from
3fcce26c 4501 Bill Painter <william.t.painter@lmco.com>
bcbf86ec 4502 - (djm) utmp direct write & SunOS 4 patch from Charles Levert
32eec038 4503 <charles@comm.polymtl.ca>
3fcce26c 4504
71d43804 450520000808
4506 - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
4507 time, spec file cleanup.
4508
f9bcea07 450920000807
378f2232 4510 - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
47670e77 4511 - (djm) Suppress error messages on channel close shutdown() failurs
4512 works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
378f2232 4513 - (djm) Add some more entropy collection commands from Lutz Jaenicke
f9bcea07 4514
bcf89935 451520000725
4516 - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
4517
4c8722d9 451820000721
4519 - (djm) OpenBSD CVS updates:
4520 - markus@cvs.openbsd.org 2000/07/16 02:27:22
4521 [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
4522 [sshconnect1.c sshconnect2.c]
4523 make ssh-add accept dsa keys (the agent does not)
4524 - djm@cvs.openbsd.org 2000/07/17 19:25:02
4525 [sshd.c]
4526 Another closing of stdin; ok deraadt
4527 - markus@cvs.openbsd.org 2000/07/19 18:33:12
4528 [dsa.c]
4529 missing free, reorder
4530 - markus@cvs.openbsd.org 2000/07/20 16:23:14
4531 [ssh-keygen.1]
4532 document input and output files
4533
240777b8 453420000720
4c8722d9 4535 - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
240777b8 4536
3c7def32 453720000716
4c8722d9 4538 - (djm) Release 2.1.1p4
3c7def32 4539
819b676f 454020000715
704b1659 4541 - (djm) OpenBSD CVS updates
4542 - provos@cvs.openbsd.org 2000/07/13 16:53:22
4543 [aux.c readconf.c servconf.c ssh.h]
4544 allow multiple whitespace but only one '=' between tokens, bug report from
4545 Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
4546 - provos@cvs.openbsd.org 2000/07/13 17:14:09
4547 [clientloop.c]
4548 typo; todd@fries.net
4549 - provos@cvs.openbsd.org 2000/07/13 17:19:31
4550 [scp.c]
4551 close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
4552 - markus@cvs.openbsd.org 2000/07/14 16:59:46
4553 [readconf.c servconf.c]
4554 allow leading whitespace. ok niels
4555 - djm@cvs.openbsd.org 2000/07/14 22:01:38
4556 [ssh-keygen.c ssh.c]
4557 Always create ~/.ssh with mode 700; ok Markus
819b676f 4558 - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
4559 - Include floatingpoint.h for entropy.c
4560 - strerror replacement
704b1659 4561
3f7a7e4a 456220000712
c37fb3c1 4563 - (djm) Remove -lresolve for Reliant Unix
3f7a7e4a 4564 - (djm) OpenBSD CVS Updates:
4565 - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
4566 [session.c sshd.c ]
4567 make MaxStartups code still work with -d; djm
4568 - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
4569 [readconf.c ssh_config]
4570 disable FallBackToRsh by default
c37fb3c1 4571 - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
4572 Ben Lindstrom <mouring@pconline.com>
1e970014 4573 - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
4574 spec file.
dcb36e5d 4575 - (djm) Released 2.1.1p3
3f7a7e4a 4576
56118702 457720000711
4578 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
4579 <tbert@abac.com>
132dd316 4580 - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
bcbf86ec 4581 - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
c99e5056 4582 <mouring@pconline.com>
bcbf86ec 4583 - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
dc2a6d09 4584 from Jim Watt <jimw@peisj.pebio.com>
2d9a148e 4585 - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
4586 to compile on more platforms (incl NeXT).
cc6f2c4c 4587 - (djm) Added bsd-inet_aton and configure support for NeXT
aae19451 4588 - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
089fbbd2 4589 - (djm) OpenBSD CVS updates:
4590 - markus@cvs.openbsd.org 2000/06/26 03:22:29
4591 [authfd.c]
4592 cleanup, less cut&paste
4593 - markus@cvs.openbsd.org 2000/06/26 15:59:19
4594 [servconf.c servconf.h session.c sshd.8 sshd.c]
bcbf86ec 4595 MaxStartups: limit number of unauthenticated connections, work by
089fbbd2 4596 theo and me
4597 - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
4598 [session.c]
4599 use no_x11_forwarding_flag correctly; provos ok
4600 - provos@cvs.openbsd.org 2000/07/05 15:35:57
4601 [sshd.c]
4602 typo
4603 - aaron@cvs.openbsd.org 2000/07/05 22:06:58
4604 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
bcbf86ec 4605 Insert more missing .El directives. Our troff really should identify
089fbbd2 4606 these and spit out a warning.
4607 - todd@cvs.openbsd.org 2000/07/06 21:55:04
4608 [auth-rsa.c auth2.c ssh-keygen.c]
4609 clean code is good code
4610 - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
4611 [serverloop.c]
4612 sense of port forwarding flag test was backwards
4613 - provos@cvs.openbsd.org 2000/07/08 17:17:31
4614 [compat.c readconf.c]
4615 replace strtok with strsep; from David Young <dyoung@onthejob.net>
4616 - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
4617 [auth.h]
4618 KNF
4619 - ho@cvs.openbsd.org 2000/07/08 19:27:33
4620 [compat.c readconf.c]
4621 Better conditions for strsep() ending.
4622 - ho@cvs.openbsd.org 2000/07/10 10:27:05
4623 [readconf.c]
4624 Get the correct message on errors. (niels@ ok)
4625 - ho@cvs.openbsd.org 2000/07/10 10:30:25
4626 [cipher.c kex.c servconf.c]
4627 strtok() --> strsep(). (niels@ ok)
5540ea9b 4628 - (djm) Fix problem with debug mode and MaxStartups
eb37534b 4629 - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
4630 builds)
229f64ee 4631 - (djm) Add strsep function from OpenBSD libc for systems that lack it
56118702 4632
a8545c6c 463320000709
4634 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
4635 Kevin Steves <stevesk@sweden.hp.com>
ec90a7d6 4636 - (djm) Match prototype and function declaration for rresvport_af.
4637 Problem report from Niklas Edmundsson <nikke@ing.umu.se>
bcbf86ec 4638 - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
732e8ac5 4639 builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
37f1df94 4640 - (djm) Replace ut_name with ut_user. Patch from Jim Watt
4641 <jimw@peisj.pebio.com>
264dce47 4642 - (djm) Fix pam sprintf fix
4643 - (djm) Cleanup entropy collection code a little more. Split initialisation
4644 from seeding, perform intialisation immediatly at start, be careful with
4645 uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
5bf9cfe9 4646 - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
4647 Including sigaction() et al. replacements
bcbf86ec 4648 - (djm) AIX getuserattr() session initialisation from Tom Bertelson
eeec075f 4649 <tbert@abac.com>
a8545c6c 4650
e2902a5b 465120000708
bcbf86ec 4652 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
e2902a5b 4653 Aaron Hopkins <aaron@die.net>
7a33f831 4654 - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
4655 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
bcbf86ec 4656 - (djm) Fixed undefined variables for OSF SIA. Report from
b3f162ba 4657 Baars, Henk <Hendrik.Baars@nl.origin-it.com>
bcbf86ec 4658 - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
b28e4a3b 4659 Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
bcbf86ec 4660 - (djm) Don't use inet_addr.
e2902a5b 4661
5637650d 466220000702
4663 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
27494968 4664 - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
4665 on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
a4070484 4666 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
4667 Chris, the Young One <cky@pobox.com>
bcbf86ec 4668 - (djm) Fix scp progress meter on really wide terminals. Based on patch
88726b31 4669 from James H. Cloos Jr. <cloos@jhcloos.com>
5637650d 4670
388e9f9f 467120000701
4672 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
daaff4d5 4673 - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
82258d68 4674 - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
4675 <vinschen@cygnus.com>
30228d7c 4676 - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
2647ae26 4677 - (djm) Added check for broken snprintf() functions which do not correctly
4678 terminate output string and attempt to use replacement.
46158300 4679 - (djm) Released 2.1.1p2
388e9f9f 4680
9f32ceb4 468120000628
4682 - (djm) Fixes to lastlog code for Irix
4683 - (djm) Use atomicio in loginrec
3206bb3b 4684 - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
4685 Irix 6.x array sessions, project id's, and system audit trail id.
9e0c3e1f 4686 - (djm) Added 'distprep' make target to simplify packaging
bcbf86ec 4687 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
4d33e531 4688 support. Enable using "USE_SIA=1 ./configure [options]"
61e96248 4689
d8caae24 469020000627
4691 - (djm) Fixes to login code - not setting li->uid, cleanups
a05a70ab 4692 - (djm) Formatting
d8caae24 4693
fe30cc2e 469420000626
3e98362e 4695 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
4cb5ffa0 4696 - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
4697 - (djm) Added password expiry checking (no password change support)
be0b9bb7 4698 - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
4699 based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
b5b3f75d 4700 - (djm) Fix fixed EGD code.
3e98362e 4701 - OpenBSD CVS update
4702 - provos@cvs.openbsd.org 2000/06/25 14:17:58
4703 [channels.c]
4704 correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
4705
1c04b088 470620000623
bcbf86ec 4707 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
1c04b088 4708 Svante Signell <svante.signell@telia.com>
4709 - (djm) Autoconf logic to define sa_family_t if it is missing
e5a0294f 4710 - OpenBSD CVS Updates:
4711 - markus@cvs.openbsd.org 2000/06/22 10:32:27
4712 [sshd.c]
4713 missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
4714 - djm@cvs.openbsd.org 2000/06/22 17:55:00
4715 [auth-krb4.c key.c radix.c uuencode.c]
4716 Missing CVS idents; ok markus
1c04b088 4717
f528fdf2 471820000622
4719 - (djm) Automatically generate host key during "make install". Suggested
4720 by Gary E. Miller <gem@rellim.com>
4721 - (djm) Paranoia before kill() system call
74fc9186 4722 - OpenBSD CVS Updates:
4723 - markus@cvs.openbsd.org 2000/06/18 18:50:11
4724 [auth2.c compat.c compat.h sshconnect2.c]
4725 make userauth+pubkey interop with ssh.com-2.2.0
4726 - markus@cvs.openbsd.org 2000/06/18 20:56:17
4727 [dsa.c]
4728 mem leak + be more paranoid in dsa_verify.
4729 - markus@cvs.openbsd.org 2000/06/18 21:29:50
4730 [key.c]
4731 cleanup fingerprinting, less hardcoded sizes
4732 - markus@cvs.openbsd.org 2000/06/19 19:39:45
4733 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
4734 [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
bcbf86ec 4735 [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
74fc9186 4736 [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
4737 [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
bcbf86ec 4738 [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
4739 [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
74fc9186 4740 [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
4741 [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
4742 OpenBSD tag
4743 - markus@cvs.openbsd.org 2000/06/21 10:46:10
4744 sshconnect2.c missing free; nuke old comment
f528fdf2 4745
e5fe9a1f 474620000620
4747 - (djm) Replace use of '-o' and '-a' logical operators in configure tests
986a22ec 4748 with '||' and '&&'. As suggested by Jim Knoble <jmknoble@jmknoble.cx>
e5fe9a1f 4749 to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
c03aced4 4750 - (djm) Typo in loginrec.c
e5fe9a1f 4751
cbd7492e 475220000618
4753 - (djm) Add summary of configure options to end of ./configure run
bcbf86ec 4754 - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
cbd7492e 4755 Michael Stone <mstone@cs.loyola.edu>
bcbf86ec 4756 - (djm) rusage is a privileged operation on some Unices (incl.
cbd7492e 4757 Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
bcbf86ec 4758 - (djm) Avoid PAM failures when running without a TTY. Report from
cbd7492e 4759 Martin Petrak <petrak@spsknm.schools.sk>
4760 - (djm) Include sys/types.h when including netinet/in.h in configure tests.
4761 Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
729bfe59 4762 - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
38c295d6 4763 - OpenBSD CVS updates:
4764 - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
4765 [channels.c]
4766 everyone says "nix it" (remove protocol 2 debugging message)
4767 - markus@cvs.openbsd.org 2000/06/17 13:24:34
4768 [sshconnect.c]
4769 allow extended server banners
4770 - markus@cvs.openbsd.org 2000/06/17 14:30:10
4771 [sshconnect.c]
4772 missing atomicio, typo
4773 - jakob@cvs.openbsd.org 2000/06/17 16:52:34
4774 [servconf.c servconf.h session.c sshd.8 sshd_config]
4775 add support for ssh v2 subsystems. ok markus@.
4776 - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
4777 [readconf.c servconf.c]
4778 include = in WHITESPACE; markus ok
4779 - markus@cvs.openbsd.org 2000/06/17 19:09:10
4780 [auth2.c]
4781 implement bug compatibility with ssh-2.0.13 pubkey, server side
4782 - markus@cvs.openbsd.org 2000/06/17 21:00:28
4783 [compat.c]
4784 initial support for ssh.com's 2.2.0
4785 - markus@cvs.openbsd.org 2000/06/17 21:16:09
4786 [scp.c]
4787 typo
4788 - markus@cvs.openbsd.org 2000/06/17 22:05:02
4789 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
4790 split auth-rsa option parsing into auth-options
4791 add options support to authorized_keys2
4792 - markus@cvs.openbsd.org 2000/06/17 22:42:54
4793 [session.c]
4794 typo
cbd7492e 4795
509b1f88 479620000613
4797 - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
4798 - Platform define for SCO 3.x which breaks on /dev/ptmx
4799 - Detect and try to fix missing MAXPATHLEN
a4d05724 4800 - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
4801 <P.S.S.Camp@ukc.ac.uk>
509b1f88 4802
09564242 480320000612
4804 - (djm) Glob manpages in RPM spec files to catch compressed files
4805 - (djm) Full license in auth-pam.c
08ae384f 4806 - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
383207f7 4807 - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
4808 - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
4809 def'd
4810 - Set AIX to use preformatted manpages
61e96248 4811
74b224a0 481220000610
4813 - (djm) Minor doc tweaks
217ab55e 4814 - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
74b224a0 4815
32c80420 481620000609
4817 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
4818 (in favour of utmpx) on Solaris 8
4819
fa649821 482020000606
48c99b2c 4821 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
4822 list of commands (by default). Removed verbose debugging (by default).
bcbf86ec 4823 - (djm) Increased command entropy estimates and default entropy collection
48c99b2c 4824 timeout
f988dce5 4825 - (djm) Remove duplicate headers from loginrec.c
c5fa2eb0 4826 - (djm) Don't add /usr/local/lib to library search path on Irix
bcbf86ec 4827 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
fa649821 4828 <tibbs@math.uh.edu>
1e83f2a2 4829 - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
4830 <zack@wolery.cumb.org>
fa649821 4831 - (djm) OpenBSD CVS updates:
4832 - todd@cvs.openbsd.org
4833 [sshconnect2.c]
4834 teach protocol v2 to count login failures properly and also enable an
4835 explanation of why the password prompt comes up again like v1; this is NOT
4836 crypto
61e96248 4837 - markus@cvs.openbsd.org
fa649821 4838 [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
4839 xauth_location support; pr 1234
4840 [readconf.c sshconnect2.c]
4841 typo, unused
4842 [session.c]
4843 allow use_login only for login sessions, otherwise remote commands are
4844 execed with uid==0
4845 [sshd.8]
4846 document UseLogin better
4847 [version.h]
4848 OpenSSH 2.1.1
4849 [auth-rsa.c]
bcbf86ec 4850 fix match_hostname() logic for auth-rsa: deny access if we have a
fa649821 4851 negative match or no match at all
4852 [channels.c hostfile.c match.c]
bcbf86ec 4853 don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
fa649821 4854 kris@FreeBSD.org
4855
8e7b16f8 485620000606
bcbf86ec 4857 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
8e7b16f8 4858 configure.
4859
d7c0f3d5 486020000604
4861 - Configure tweaking for new login code on Irix 5.3
2d6c411f 4862 - (andre) login code changes based on djm feedback
d7c0f3d5 4863
2d6c411f 486420000603
4865 - (andre) New login code
4866 - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
4867 - Add loginrec.[ch], logintest.c and autoconf code
61e96248 4868
5daf7064 486920000531
4870 - Cleanup of auth.c, login.c and fake-*
4871 - Cleanup of auth-pam.c, save and print "account expired" error messages
e5662474 4872 - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
69134b9b 4873 - Rewrote bsd-login to use proper utmp API if available. Major cleanup
4874 of fallback DIY code.
5daf7064 4875
b9f446d1 487620000530
4877 - Define atexit for old Solaris
b02ebca1 4878 - Fix buffer overrun in login.c for systems which use syslen in utmpx.
4879 patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
71276795 4880 - OpenBSD CVS updates:
4881 - markus@cvs.openbsd.org
4882 [session.c]
4883 make x11-fwd work w/ localhost (xauth add host/unix:11)
4884 [cipher.c compat.c readconf.c servconf.c]
4885 check strtok() != NULL; ok niels@
4886 [key.c]
4887 fix key_read() for uuencoded keys w/o '='
4888 [serverloop.c]
4889 group ssh1 vs. ssh2 in serverloop
4890 [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
4891 split kexinit/kexdh, factor out common code
4892 [readconf.c ssh.1 ssh.c]
4893 forwardagent defaults to no, add ssh -A
4894 - theo@cvs.openbsd.org
4895 [session.c]
4896 just some line shortening
60688ef9 4897 - Released 2.1.0p3
b9f446d1 4898
29611d9c 489920000520
4900 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
25422c70 4901 - Don't touch utmp if USE_UTMPX defined
a423beaf 4902 - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
fc1e8bf4 4903 - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
bcbf86ec 4904 - HPUX and Configure fixes from Lutz Jaenicke
fc1e8bf4 4905 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
bcbf86ec 4906 - Use mkinstalldirs script to make directories instead of non-portable
fc1e8bf4 4907 "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
a905808d 4908 - Doc cleanup
29611d9c 4909
301e9b01 491020000518
4911 - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
4912 - OpenBSD CVS updates:
4913 - markus@cvs.openbsd.org
4914 [sshconnect.c]
4915 copy only ai_addrlen bytes; misiek@pld.org.pl
4916 [auth.c]
bcbf86ec 4917 accept an empty shell in authentication; bug reported by
301e9b01 4918 chris@tinker.ucr.edu
4919 [serverloop.c]
4920 we don't have stderr for interactive terminal sessions (fcntl errors)
4921
ad85db64 492220000517
4923 - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
4924 - Fixes command line printing segfaults (spotter: Bladt Norbert)
4925 - Fixes erroneous printing of debug messages to syslog
4926 - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
4927 - Gives useful error message if PRNG initialisation fails
4928 - Reduced ssh startup delay
4929 - Measures cumulative command time rather than the time between reads
704b1659 4930 after select()
ad85db64 4931 - 'fixprogs' perl script to eliminate non-working entropy commands, and
704b1659 4932 optionally run 'ent' to measure command entropy
c1ef8333 4933 - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
a64009ad 4934 - Avoid WCOREDUMP complation errors for systems that lack it
bcbf86ec 4935 - Avoid SIGCHLD warnings from entropy commands
28c1d5ce 4936 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
0e73cc53 4937 - OpenBSD CVS update:
bcbf86ec 4938 - markus@cvs.openbsd.org
0e73cc53 4939 [ssh.c]
4940 fix usage()
4941 [ssh2.h]
4942 draft-ietf-secsh-architecture-05.txt
4943 [ssh.1]
4944 document ssh -T -N (ssh2 only)
4945 [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
4946 enable nonblocking IO for sshd w/ proto 1, too; split out common code
4947 [aux.c]
4948 missing include
c04f75f1 4949 - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
4950 - INSTALL typo and URL fix
4951 - Makefile fix
4952 - Solaris fixes
bcbf86ec 4953 - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
c04f75f1 4954 <ksakai@kso.netwk.ntt-at.co.jp>
afa5ee68 4955 - RSAless operation patch from kevin_oconnor@standardandpoors.com
d45e3d76 4956 - Detect OpenSSL seperatly from RSA
bcbf86ec 4957 - Better test for RSA (more compatible with RSAref). Based on work by
d45e3d76 4958 Ed Eden <ede370@stl.rural.usda.gov>
ad85db64 4959
3d1a1654 496020000513
bcbf86ec 4961 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
3d1a1654 4962 <misiek@pld.org.pl>
4963
d02a3a00 496420000511
bcbf86ec 4965 - Fix for prng_seed permissions checking from Lutz Jaenicke
d02a3a00 4966 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3d1a1654 4967 - "make host-key" fix for Irix
d02a3a00 4968
d0c832f3 496920000509
4970 - OpenBSD CVS update
4971 - markus@cvs.openbsd.org
4972 [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
4973 [ssh.h sshconnect1.c sshconnect2.c sshd.8]
4974 - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
4975 - hugh@cvs.openbsd.org
4976 [ssh.1]
4977 - zap typo
4978 [ssh-keygen.1]
4979 - One last nit fix. (markus approved)
4980 [sshd.8]
4981 - some markus certified spelling adjustments
4982 - markus@cvs.openbsd.org
4983 [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
4984 [sshconnect2.c ]
4985 - bug compat w/ ssh-2.0.13 x11, split out bugs
4986 [nchan.c]
4987 - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
4988 [ssh-keygen.c]
4989 - handle escapes in real and original key format, ok millert@
4990 [version.h]
4991 - OpenSSH-2.1
3dc1102e 4992 - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
e93ee87a 4993 - Doc updates
bcbf86ec 4994 - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
21e5304a 4995 by Andre Lucas <andre.lucas@dial.pipex.com>
d0c832f3 4996
ebdeb9a8 499720000508
4998 - Makefile and RPM spec fixes
4999 - Generate DSA host keys during "make key" or RPM installs
f6cde515 5000 - OpenBSD CVS update
5001 - markus@cvs.openbsd.org
5002 [clientloop.c sshconnect2.c]
5003 - make x11-fwd interop w/ ssh-2.0.13
5004 [README.openssh2]
5005 - interop w/ SecureFX
5006 - Release 2.0.0beta2
ebdeb9a8 5007
bcbf86ec 5008 - Configure caching and cleanup patch from Andre Lucas'
58d100bf 5009 <andre.lucas@dial.pipex.com>
5010
1d1ffb87 501120000507
5012 - Remove references to SSLeay.
5013 - Big OpenBSD CVS update
5014 - markus@cvs.openbsd.org
5015 [clientloop.c]
5016 - typo
5017 [session.c]
5018 - update proctitle on pty alloc/dealloc, e.g. w/ windows client
5019 [session.c]
5020 - update proctitle for proto 1, too
5021 [channels.h nchan.c serverloop.c session.c sshd.c]
5022 - use c-style comments
5023 - deraadt@cvs.openbsd.org
5024 [scp.c]
5025 - more atomicio
bcbf86ec 5026 - markus@cvs.openbsd.org
1d1ffb87 5027 [channels.c]
5028 - set O_NONBLOCK
5029 [ssh.1]
5030 - update AUTHOR
5031 [readconf.c ssh-keygen.c ssh.h]
5032 - default DSA key file ~/.ssh/id_dsa
5033 [clientloop.c]
5034 - typo, rm verbose debug
5035 - deraadt@cvs.openbsd.org
5036 [ssh-keygen.1]
5037 - document DSA use of ssh-keygen
5038 [sshd.8]
5039 - a start at describing what i understand of the DSA side
5040 [ssh-keygen.1]
5041 - document -X and -x
5042 [ssh-keygen.c]
5043 - simplify usage
bcbf86ec 5044 - markus@cvs.openbsd.org
1d1ffb87 5045 [sshd.8]
5046 - there is no rhosts_dsa
5047 [ssh-keygen.1]
5048 - document -y, update -X,-x
5049 [nchan.c]
5050 - fix close for non-open ssh1 channels
5051 [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
5052 - s/DsaKey/HostDSAKey/, document option
5053 [sshconnect2.c]
5054 - respect number_of_password_prompts
5055 [channels.c channels.h servconf.c servconf.h session.c sshd.8]
5056 - GatewayPorts for sshd, ok deraadt@
5057 [ssh-add.1 ssh-agent.1 ssh.1]
5058 - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
5059 [ssh.1]
5060 - more info on proto 2
5061 [sshd.8]
5062 - sync AUTHOR w/ ssh.1
5063 [key.c key.h sshconnect.c]
5064 - print key type when talking about host keys
5065 [packet.c]
5066 - clear padding in ssh2
5067 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
5068 - replace broken uuencode w/ libc b64_ntop
5069 [auth2.c]
5070 - log failure before sending the reply
5071 [key.c radix.c uuencode.c]
5072 - remote trailing comments before calling __b64_pton
5073 [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
5074 [sshconnect2.c sshd.8]
5075 - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
5076 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
5077
1a11e1ae 507820000502
0fbe8c74 5079 - OpenBSD CVS update
5080 [channels.c]
5081 - init all fds, close all fds.
5082 [sshconnect2.c]
5083 - check whether file exists before asking for passphrase
5084 [servconf.c servconf.h sshd.8 sshd.c]
5085 - PidFile, pr 1210
5086 [channels.c]
5087 - EINTR
5088 [channels.c]
5089 - unbreak, ok niels@
5090 [sshd.c]
5091 - unlink pid file, ok niels@
5092 [auth2.c]
5093 - Add missing #ifdefs; ok - markus
bcbf86ec 5094 - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
d3083fbd 5095 gathering commands from a text file
1a11e1ae 5096 - Release 2.0.0beta1
5097
c4bc58eb 509820000501
5099 - OpenBSD CVS update
5100 [packet.c]
5101 - send debug messages in SSH2 format
3189621b 5102 [scp.c]
5103 - fix very rare EAGAIN/EINTR issues; based on work by djm
5104 [packet.c]
5105 - less debug, rm unused
5106 [auth2.c]
5107 - disable kerb,s/key in ssh2
5108 [sshd.8]
5109 - Minor tweaks and typo fixes.
5110 [ssh-keygen.c]
5111 - Put -d into usage and reorder. markus ok.
bcbf86ec 5112 - Include missing headers for OpenSSL tests. Fix from Phil Karn
44fb55e9 5113 <karn@ka9q.ampr.org>
bcbf86ec 5114 - Fixed __progname symbol collisions reported by Andre Lucas
3fd95d9a 5115 <andre.lucas@dial.pipex.com>
0d5f7abc 5116 - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
5117 <gd@hilb1.medat.de>
8cb940db 5118 - Add some missing ifdefs to auth2.c
8af50c98 5119 - Deprecate perl-tk askpass.
52bcc044 5120 - Irix portability fixes - don't include netinet headers more than once
5121 - Make sure we don't save PRNG seed more than once
c4bc58eb 5122
2b763e31 512320000430
5124 - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
b7a87eea 5125 - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
5126 patch.
5127 - Adds timeout to entropy collection
5128 - Disables slow entropy sources
5129 - Load and save seed file
bcbf86ec 5130 - Changed entropy seed code to user per-user seeds only (server seed is
b7a87eea 5131 saved in root's .ssh directory)
5132 - Use atexit() and fatal cleanups to save seed on exit
0b242b12 5133 - More OpenBSD updates:
5134 [session.c]
5135 - don't call chan_write_failed() if we are not writing
5136 [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
5137 - keysize warnings error() -> log()
2b763e31 5138
a306f2dd 513920000429
5140 - Merge big update to OpenSSH-2.0 from OpenBSD CVS
5141 [README.openssh2]
5142 - interop w/ F-secure windows client
5143 - sync documentation
5144 - ssh_host_dsa_key not ssh_dsa_key
5145 [auth-rsa.c]
5146 - missing fclose
5147 [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
5148 [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
5149 [sshd.c uuencode.c uuencode.h authfile.h]
5150 - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
5151 for trading keys with the real and the original SSH, directly from the
5152 people who invented the SSH protocol.
5153 [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
5154 [sshconnect1.c sshconnect2.c]
5155 - split auth/sshconnect in one file per protocol version
5156 [sshconnect2.c]
5157 - remove debug
5158 [uuencode.c]
5159 - add trailing =
5160 [version.h]
5161 - OpenSSH-2.0
5162 [ssh-keygen.1 ssh-keygen.c]
5163 - add -R flag: exit code indicates if RSA is alive
5164 [sshd.c]
5165 - remove unused
5166 silent if -Q is specified
5167 [ssh.h]
5168 - host key becomes /etc/ssh_host_dsa_key
5169 [readconf.c servconf.c ]
5170 - ssh/sshd default to proto 1 and 2
5171 [uuencode.c]
5172 - remove debug
5173 [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
5174 - xfree DSA blobs
5175 [auth2.c serverloop.c session.c]
5176 - cleanup logging for sshd/2, respect PasswordAuth no
5177 [sshconnect2.c]
5178 - less debug, respect .ssh/config
5179 [README.openssh2 channels.c channels.h]
bcbf86ec 5180 - clientloop.c session.c ssh.c
a306f2dd 5181 - support for x11-fwding, client+server
5182
0ac7199f 518320000421
5184 - Merge fix from OpenBSD CVS
5185 [ssh-agent.c]
5186 - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
5187 via Debian bug #59926
18ba2aab 5188 - Define __progname in session.c if libc doesn't
5189 - Remove indentation on autoconf #include statements to avoid bug in
bcbf86ec 5190 DEC Tru64 compiler. Report and fix from David Del Piero
18ba2aab 5191 <David.DelPiero@qed.qld.gov.au>
0ac7199f 5192
e1b37056 519320000420
bcbf86ec 5194 - Make fixpaths work with perl4, patch from Andre Lucas
e1b37056 5195 <andre.lucas@dial.pipex.com>
9da5c3c9 5196 - Sync with OpenBSD CVS:
5197 [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
5198 - pid_t
5199 [session.c]
5200 - remove bogus chan_read_failed. this could cause data
5201 corruption (missing data) at end of a SSH2 session.
4e577b89 5202 - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
5203 - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
5204 - Use vhangup to clean up Linux ttys
5205 - Force posix getopt processing on GNU libc systems
371ecff9 5206 - Debian bug #55910 - remove references to ssl(8) manpages
247f1a89 5207 - Debian bug #58031 - ssh_config lies about default cipher
e1b37056 5208
d6f24e45 520920000419
5210 - OpenBSD CVS updates
5211 [channels.c]
5212 - fix pr 1196, listen_port and port_to_connect interchanged
5213 [scp.c]
bcbf86ec 5214 - after completion, replace the progress bar ETA counter with a final
d6f24e45 5215 elapsed time; my idea, aaron wrote the patch
5216 [ssh_config sshd_config]
5217 - show 'Protocol' as an example, ok markus@
5218 [sshd.c]
5219 - missing xfree()
5220 - Add missing header to bsd-misc.c
5221
35484284 522220000416
5223 - Reduce diff against OpenBSD source
bcbf86ec 5224 - All OpenSSL includes are now unconditionally referenced as
35484284 5225 openssl/foo.h
5226 - Pick up formatting changes
5227 - Other minor changed (typecasts, etc) that I missed
5228
6ae2364d 522920000415
5230 - OpenBSD CVS updates.
5231 [ssh.1 ssh.c]
5232 - ssh -2
5233 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
5234 [session.c sshconnect.c]
5235 - check payload for (illegal) extra data
5236 [ALL]
5237 whitespace cleanup
5238
c323ac76 523920000413
5240 - INSTALL doc updates
f54651ce 5241 - Merged OpenBSD updates to include paths.
bcbf86ec 5242
a8be9f80 524320000412
5244 - OpenBSD CVS updates:
5245 - [channels.c]
5246 repair x11-fwd
5247 - [sshconnect.c]
5248 fix passwd prompt for ssh2, less debugging output.
5249 - [clientloop.c compat.c dsa.c kex.c sshd.c]
5250 less debugging output
5251 - [kex.c kex.h sshconnect.c sshd.c]
5252 check for reasonable public DH values
5253 - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
5254 [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
5255 add Cipher and Protocol options to ssh/sshd, e.g.:
5256 ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
5257 arcfour,3des-cbc'
5258 - [sshd.c]
5259 print 1.99 only if server supports both
5260
18e92801 526120000408
5262 - Avoid some compiler warnings in fake-get*.c
5263 - Add IPTOS macros for systems which lack them
9d98aaf6 5264 - Only set define entropy collection macros if they are found
e78a59f5 5265 - More large OpenBSD CVS updates:
5266 - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
5267 [session.h ssh.h sshd.c README.openssh2]
5268 ssh2 server side, see README.openssh2; enable with 'sshd -2'
5269 - [channels.c]
5270 no adjust after close
5271 - [sshd.c compat.c ]
5272 interop w/ latest ssh.com windows client.
61e96248 5273
8ce64345 527420000406
5275 - OpenBSD CVS update:
5276 - [channels.c]
5277 close efd on eof
5278 - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
5279 ssh2 client implementation, interops w/ ssh.com and lsh servers.
5280 - [sshconnect.c]
5281 missing free.
5282 - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
5283 remove unused argument, split cipher_mask()
5284 - [clientloop.c]
5285 re-order: group ssh1 vs. ssh2
5286 - Make Redhat spec require openssl >= 0.9.5a
5287
e7627112 528820000404
5289 - Add tests for RAND_add function when searching for OpenSSL
7e7327a1 5290 - OpenBSD CVS update:
5291 - [packet.h packet.c]
5292 ssh2 packet format
5293 - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
5294 [channels.h channels.c]
5295 channel layer support for ssh2
5296 - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
5297 DSA, keyexchange, algorithm agreement for ssh2
6c081128 5298 - Generate manpages before make install not at the end of make all
5299 - Don't seed the rng quite so often
5300 - Always reseed rng when requested
e7627112 5301
bfc9a610 530220000403
5303 - Wrote entropy collection routines for systems that lack /dev/random
5304 and EGD
837c30b8 5305 - Disable tests and typedefs for 64 bit types. They are currently unused.
bfc9a610 5306
7368a6c8 530720000401
5308 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
5309 - [auth.c session.c sshd.c auth.h]
5310 split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
5311 - [bufaux.c bufaux.h]
5312 support ssh2 bignums
5313 - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
5314 [readconf.c ssh.c ssh.h serverloop.c]
5315 replace big switch() with function tables (prepare for ssh2)
5316 - [ssh2.h]
5317 ssh2 message type codes
5318 - [sshd.8]
5319 reorder Xr to avoid cutting
5320 - [serverloop.c]
5321 close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
5322 - [channels.c]
5323 missing close
5324 allow bigger packets
5325 - [cipher.c cipher.h]
5326 support ssh2 ciphers
5327 - [compress.c]
5328 cleanup, less code
5329 - [dispatch.c dispatch.h]
5330 function tables for different message types
5331 - [log-server.c]
5332 do not log() if debuggin to stderr
5333 rename a cpp symbol, to avoid param.h collision
5334 - [mpaux.c]
5335 KNF
5336 - [nchan.c]
5337 sync w/ channels.c
5338
f5238bee 533920000326
5340 - Better tests for OpenSSL w/ RSAref
bcbf86ec 5341 - Added replacement setenv() function from OpenBSD libc. Suggested by
f5238bee 5342 Ben Lindstrom <mouring@pconline.com>
4fe2af09 5343 - OpenBSD CVS update
5344 - [auth-krb4.c]
5345 -Wall
5346 - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
5347 [match.h ssh.c ssh.h sshconnect.c sshd.c]
5348 initial support for DSA keys. ok deraadt@, niels@
5349 - [cipher.c cipher.h]
5350 remove unused cipher_attack_detected code
5351 - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
5352 Fix some formatting problems I missed before.
5353 - [ssh.1 sshd.8]
5354 fix spelling errors, From: FreeBSD
5355 - [ssh.c]
5356 switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
f5238bee 5357
0024a081 535820000324
5359 - Released 1.2.3
5360
bd499f9e 536120000317
5362 - Clarified --with-default-path option.
5363 - Added -blibpath handling for AIX to work around stupid runtime linking.
5364 Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
986a22ec 5365 <jmknoble@jmknoble.cx>
474b5fef 5366 - Checks for 64 bit int types. Problem report from Mats Fredholm
5367 <matsf@init.se>
610cd5c6 5368 - OpenBSD CVS updates:
bcbf86ec 5369 - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
610cd5c6 5370 [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
5371 [sshd.c]
5372 pedantic: signed vs. unsigned, void*-arithm, etc
5373 - [ssh.1 sshd.8]
5374 Various cleanups and standardizations.
bcbf86ec 5375 - Runtime error fix for HPUX from Otmar Stahl
be48d23c 5376 <O.Stahl@lsw.uni-heidelberg.de>
bd499f9e 5377
4696775a 537820000316
bcbf86ec 5379 - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
4696775a 5380 Hesprich <dghespri@sprintparanet.com>
d423d822 5381 - Propogate LD through to Makefile
b7a9ce47 5382 - Doc cleanups
2ba2a610 5383 - Added blurb about "scp: command not found" errors to UPGRADING
4696775a 5384
cb0b7ea4 538520000315
5386 - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
5387 problems with gcc/Solaris.
bcbf86ec 5388 - Don't free argument to putenv() after use (in setenv() replacement).
db55a3ea 5389 Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
bcbf86ec 5390 - Created contrib/ subdirectory. Included helpers from Phil Hands'
13652e52 5391 Debian package, README file and chroot patch from Ricardo Cerqueira
5392 <rmcc@clix.pt>
bcbf86ec 5393 - Moved gnome-ssh-askpass.c to contrib directory and removed config
13652e52 5394 option.
5395 - Slight cleanup to doc files
b14b2ae7 5396 - Configure fix from Bratislav ILICH <bilic@zepter.ru>
cb0b7ea4 5397
a8ed9fd9 539820000314
bcbf86ec 5399 - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
a8ed9fd9 5400 peter@frontierflying.com
84afc958 5401 - Include /usr/local/include and /usr/local/lib for systems that don't
5402 do it themselves
5403 - -R/usr/local/lib for Solaris
5404 - Fix RSAref detection
5405 - Fix IN6_IS_ADDR_V4MAPPED macro
a8ed9fd9 5406
bcf36c78 540720000311
5408 - Detect RSAref
43e48848 5409 - OpenBSD CVS change
5410 [sshd.c]
5411 - disallow guessing of root password
867dbf40 5412 - More configure fixes
80faa19f 5413 - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
bcf36c78 5414
c8d54615 541520000309
5416 - OpenBSD CVS updates to v1.2.3
704b1659 5417 [ssh.h atomicio.c]
5418 - int atomicio -> ssize_t (for alpha). ok deraadt@
5419 [auth-rsa.c]
5420 - delay MD5 computation until client sends response, free() early, cleanup.
5421 [cipher.c]
5422 - void* -> unsigned char*, ok niels@
5423 [hostfile.c]
5424 - remove unused variable 'len'. fix comments.
5425 - remove unused variable
5426 [log-client.c log-server.c]
5427 - rename a cpp symbol, to avoid param.h collision
5428 [packet.c]
5429 - missing xfree()
5430 - getsockname() requires initialized tolen; andy@guildsoftware.com
5431 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
5432 from Holger.Trapp@Informatik.TU-Chemnitz.DE
5433 [pty.c pty.h]
bcbf86ec 5434 - register cleanup for pty earlier. move code for pty-owner handling to
c8d54615 5435 pty.c ok provos@, dugsong@
704b1659 5436 [readconf.c]
5437 - turn off x11-fwd for the client, too.
5438 [rsa.c]
5439 - PKCS#1 padding
5440 [scp.c]
5441 - allow '.' in usernames; from jedgar@fxp.org
5442 [servconf.c]
5443 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
5444 - sync with sshd_config
5445 [ssh-keygen.c]
5446 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
5447 [ssh.1]
5448 - Change invalid 'CHAT' loglevel to 'VERBOSE'
5449 [ssh.c]
5450 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
5451 - turn off x11-fwd for the client, too.
5452 [sshconnect.c]
5453 - missing xfree()
5454 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
5455 - read error vs. "Connection closed by remote host"
5456 [sshd.8]
5457 - ie. -> i.e.,
5458 - do not link to a commercial page..
5459 - sync with sshd_config
5460 [sshd.c]
5461 - no need for poll.h; from bright@wintelcom.net
5462 - log with level log() not fatal() if peer behaves badly.
5463 - don't panic if client behaves strange. ok deraadt@
5464 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
5465 - delay close() of pty until the pty has been chowned back to root
5466 - oops, fix comment, too.
5467 - missing xfree()
5468 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
5469 (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
bcbf86ec 5470 - register cleanup for pty earlier. move code for pty-owner handling to
704b1659 5471 pty.c ok provos@, dugsong@
5472 - create x11 cookie file
5473 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
5474 - version 1.2.3
c8d54615 5475 - Cleaned up
bcbf86ec 5476 - Removed warning workaround for Linux and devpts filesystems (no longer
d8223847 5477 required after OpenBSD updates)
c8d54615 5478
07055445 547920000308
5480 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
5481
548220000307
5483 - Released 1.2.2p1
5484
9c8c3fc6 548520000305
5486 - Fix DEC compile fix
54096dcc 5487 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
aa6bd60a 5488 - Check for getpagesize in libucb.a if not found in libc. Fix for old
5489 Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
bcbf86ec 5490 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
9fc7867e 5491 Mate Wierdl <mw@moni.msci.memphis.edu>
9c8c3fc6 5492
6bf4d066 549320000303
5494 - Added "make host-key" target, Suggestion from Dominik Brettnacher
5495 <domi@saargate.de>
bcbf86ec 5496 - Don't permanently fail on bind() if getaddrinfo has more choices left for
16218745 5497 us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
5498 Miskiewicz <misiek@pld.org.pl>
22fa590f 5499 - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
5500 - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
6bf4d066 5501
a0391976 550220000302
5503 - Big cleanup of autoconf code
5504 - Rearranged to be a little more logical
5505 - Added -R option for Solaris
5506 - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
5507 to detect library and header location _and_ ensure library has proper
5508 RSA support built in (this is a problem with OpenSSL 0.9.5).
817175bc 5509 - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
0a1718dc 5510 - Avoid warning message with Unix98 ptys
bcbf86ec 5511 - Warning was valid - possible race condition on PTYs. Avoided using
3276571c 5512 platform-specific code.
5513 - Document some common problems
bcbf86ec 5514 - Allow root access to any key. Patch from
81eef326 5515 markus.friedl@informatik.uni-erlangen.de
a0391976 5516
f55afe71 551720000207
5518 - Removed SOCKS code. Will support through a ProxyCommand.
5519
d07d1c58 552020000203
5521 - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
d581b7ae 5522 - Add --with-ssl-dir option
d07d1c58 5523
9d5f374b 552420000202
bcbf86ec 5525 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
9d5f374b 5526 <jmd@aoe.vt.edu>
6b1f3fdb 5527 - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
bcbf86ec 5528 - Added URLs to Japanese translations of documents by HARUYAMA Seigo
6b1f3fdb 5529 <haruyama@nt.phys.s.u-tokyo.ac.jp>
9d5f374b 5530
bc8c2601 553120000201
5532 - Use socket pairs by default (instead of pipes). Prevents race condition
5533 on several (buggy) OSs. Report and fix from tridge@linuxcare.com
5534
69c76614 553520000127
5536 - Seed OpenSSL's random number generator before generating RSA keypairs
5537 - Split random collector into seperate file
aaf2abd7 5538 - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
69c76614 5539
f9507c24 554020000126
5541 - Released 1.2.2 stable
5542
bcbf86ec 5543 - NeXT keeps it lastlog in /usr/adm. Report from
f9507c24 5544 mouring@newton.pconline.com
bcbf86ec 5545 - Added note in UPGRADING re interop with commercial SSH using idea.
986a22ec 5546 Report from Jim Knoble <jmknoble@jmknoble.cx>
587120ad 5547 - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
5548 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
f9507c24 5549
bfae20ad 555020000125
bcbf86ec 5551 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
bfae20ad 5552 <andre.lucas@dial.pipex.com>
07b0cb78 5553 - Reorder PAM initialisation so it does not mess up lastlog. Reported
5554 by Andre Lucas <andre.lucas@dial.pipex.com>
bcbf86ec 5555 - Use preformatted manpages on SCO, report from Gary E. Miller
9755cbdb 5556 <gem@rellim.com>
5557 - New URL for x11-ssh-askpass.
bcbf86ec 5558 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
986a22ec 5559 <jmknoble@jmknoble.cx>
bcbf86ec 5560 - Added 'DESTDIR' option to Makefile to ease package building. Patch from
986a22ec 5561 Jim Knoble <jmknoble@jmknoble.cx>
ff8ecdb8 5562 - Updated RPM spec files to use DESTDIR
bfae20ad 5563
bb58aa4b 556420000124
5565 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
5566 increment)
5567
d45317d8 556820000123
5569 - OpenBSD CVS:
5570 - [packet.c]
5571 getsockname() requires initialized tolen; andy@guildsoftware.com
bcbf86ec 5572 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
4c40f834 5573 <drankin@bohemians.lexington.ky.us>
12aa90af 5574 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
d45317d8 5575
e844f761 557620000122
5577 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
5578 <bent@clark.net>
c54a6257 5579 - Merge preformatted manpage patch from Andre Lucas
5580 <andre.lucas@dial.pipex.com>
8eb34e02 5581 - Make IPv4 use the default in RPM packages
5582 - Irix uses preformatted manpages
1e64903d 5583 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
5584 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
9bc5ddfe 5585 - OpenBSD CVS updates:
5586 - [packet.c]
5587 use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
5588 from Holger.Trapp@Informatik.TU-Chemnitz.DE
5589 - [sshd.c]
5590 log with level log() not fatal() if peer behaves badly.
5591 - [readpass.c]
bcbf86ec 5592 instead of blocking SIGINT, catch it ourselves, so that we can clean
5593 the tty modes up and kill ourselves -- instead of our process group
61e96248 5594 leader (scp, cvs, ...) going away and leaving us in noecho mode.
9bc5ddfe 5595 people with cbreak shells never even noticed..
399d9d44 5596 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
5597 ie. -> i.e.,
e844f761 5598
4c8ef3fb 559920000120
5600 - Don't use getaddrinfo on AIX
7b2ea3a1 5601 - Update to latest OpenBSD CVS:
5602 - [auth-rsa.c]
5603 - fix user/1056, sshd keeps restrictions; dbt@meat.net
5604 - [sshconnect.c]
5605 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
5606 - destroy keys earlier
bcbf86ec 5607 - split key exchange (kex) and user authentication (user-auth),
d468fc76 5608 ok: provos@
7b2ea3a1 5609 - [sshd.c]
5610 - no need for poll.h; from bright@wintelcom.net
5611 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
bcbf86ec 5612 - split key exchange (kex) and user authentication (user-auth),
d468fc76 5613 ok: provos@
f3bba493 5614 - Big manpage and config file cleanup from Andre Lucas
5615 <andre.lucas@dial.pipex.com>
5f4fdfae 5616 - Re-added latest (unmodified) OpenBSD manpages
47f9a56a 5617 - Doc updates
d468fc76 5618 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
5619 Christos Zoulas <christos@netbsd.org>
4c8ef3fb 5620
082bbfb3 562120000119
20af321f 5622 - SCO compile fixes from Gary E. Miller <gem@rellim.com>
082bbfb3 5623 - Compile fix from Darren_Hall@progressive.com
59e76f33 5624 - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
5625 addresses using getaddrinfo(). Added a configure switch to make the
5626 default lookup mode AF_INET
082bbfb3 5627
a63a7f37 562820000118
5629 - Fixed --with-pid-dir option
51a6baf8 5630 - Makefile fix from Gary E. Miller <gem@rellim.com>
61e96248 5631 - Compile fix for HPUX and Solaris from Andre Lucas
976f7e19 5632 <andre.lucas@dial.pipex.com>
a63a7f37 5633
f914c7fb 563420000117
5635 - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
5636 port, ignore EINVAL errors (Linux) when searching for free port.
bcbf86ec 5637 - Revert __snprintf -> snprintf aliasing. Apparently Solaris
de93b046 5638 __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
9b363e1c 5639 - Document location of Redhat PAM file in INSTALL.
bcbf86ec 5640 - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
5641 INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
f4a7cf29 5642 deliver (no IPv6 kernel support)
80a44451 5643 - Released 1.2.1pre27
f914c7fb 5644
f4a7cf29 5645 - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
bcbf86ec 5646 - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
cf8ad170 5647 <jhuuskon@hytti.uku.fi>
bcbf86ec 5648 - Fix hang on logout if processes are still using the pty. Needs
691a8a9f 5649 further testing.
5957fd29 5650 - Patch from Christos Zoulas <christos@zoulas.com>
5651 - Try $prefix first when looking for OpenSSL.
5652 - Include sys/types.h when including sys/socket.h in test programs
bcbf86ec 5653 - Substitute PID directory in sshd.8. Suggestion from Andrew
19d9ac2a 5654 Stribblehill <a.d.stribblehill@durham.ac.uk>
f4a7cf29 5655
47e45e44 565620000116
5657 - Renamed --with-xauth-path to --with-xauth
5658 - Added --with-pid-dir option
5659 - Released 1.2.1pre26
5660
a82ef8ae 5661 - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
bcbf86ec 5662 - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
66be05a1 5663 openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
a82ef8ae 5664
5cdfe03f 566520000115
5666 - Add --with-xauth-path configure directive and explicit test for
bcbf86ec 5667 /usr/openwin/bin/xauth for Solaris systems. Report from Anders
5cdfe03f 5668 Nordby <anders@fix.no>
bcbf86ec 5669 - Fix incorrect detection of /dev/ptmx on Linux systems that lack
5cdfe03f 5670 openpty. Report from John Seifarth <john@waw.be>
5671 - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
bcbf86ec 5672 sys/types.h. Fixes problems on SCO, report from Gary E. Miller
5cdfe03f 5673 <gem@rellim.com>
5674 - Use __snprintf and __vnsprintf if they are found where snprintf and
5675 vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
5676 and others.
5677
48e671d5 567820000114
5679 - Merged OpenBSD IPv6 patch:
5680 - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
5681 [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
5682 [hostfile.c sshd_config]
5683 ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
bcbf86ec 5684 features: sshd allows multiple ListenAddress and Port options. note
5685 that libwrap is not IPv6-ready. (based on patches from
48e671d5 5686 fujiwara@rcac.tdi.co.jp)
5687 - [ssh.c canohost.c]
bcbf86ec 5688 more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
48e671d5 5689 from itojun@
5690 - [channels.c]
5691 listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
5692 - [packet.h]
5693 allow auth-kerberos for IPv4 only
5694 - [scp.1 sshd.8 servconf.h scp.c]
5695 document -4, -6, and 'ssh -L 2022/::1/22'
5696 - [ssh.c]
bcbf86ec 5697 'ssh @host' is illegal (null user name), from
48e671d5 5698 karsten@gedankenpolizei.de
5699 - [sshconnect.c]
5700 better error message
5701 - [sshd.c]
5702 allow auth-kerberos for IPv4 only
5703 - Big IPv6 merge:
5704 - Cleanup overrun in sockaddr copying on RHL 6.1
5705 - Replacements for getaddrinfo, getnameinfo, etc based on versions
5706 from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
5707 - Replacement for missing structures on systems that lack IPv6
5708 - record_login needed to know about AF_INET6 addresses
5709 - Borrowed more code from OpenBSD: rresvport_af and requisites
5710
2598df62 571120000110
5712 - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
5713
b8a0310d 571420000107
5715 - New config.sub and config.guess to fix problems on SCO. Supplied
5716 by Gary E. Miller <gem@rellim.com>
b6a98a85 5717 - SCO build fix from Gary E. Miller <gem@rellim.com>
2598df62 5718 - Released 1.2.1pre25
b8a0310d 5719
dfb95100 572020000106
5721 - Documentation update & cleanup
5722 - Better KrbIV / AFS detection, based on patch from:
5723 Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
5724
b9795b89 572520000105
bcbf86ec 5726 - Fixed annoying DES corruption problem. libcrypt has been
b9795b89 5727 overriding symbols in libcrypto. Removed libcrypt and crypt.h
5728 altogether (libcrypto includes its own crypt(1) replacement)
5729 - Added platform-specific rules for Irix 6.x. Included warning that
5730 they are untested.
5731
a1ec4d79 573220000103
5733 - Add explicit make rules for files proccessed by fixpaths.
61e96248 5734 - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
a1ec4d79 5735 <tnh@kondara.org>
bcbf86ec 5736 - Removed "nullok" directive from default PAM configuration files.
5737 Added information on enabling EmptyPasswords on openssh+PAM in
607d73e6 5738 UPGRADING file.
e02735bb 5739 - OpenBSD CVS updates
5740 - [ssh-agent.c]
bcbf86ec 5741 cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
e02735bb 5742 dgaudet@arctic.org
5743 - [sshconnect.c]
5744 compare correct version for 1.3 compat mode
a1ec4d79 5745
93c7f644 574620000102
5747 - Prevent multiple inclusion of config.h and defines.h. Suggested
5748 by Andre Lucas <andre.lucas@dial.pipex.com>
5749 - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
5750 <dgaudet@arctic.org>
5751
76b8607f 575219991231
bcbf86ec 5753 - Fix password support on systems with a mixture of shadowed and
5754 non-shadowed passwords (e.g. NIS). Report and fix from
76b8607f 5755 HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
bcbf86ec 5756 - Fix broken autoconf typedef detection. Report from Marc G.
723221b5 5757 Fournier <marc.fournier@acadiau.ca>
b92964b7 5758 - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
5759 <Franz.Sirl-kernel@lauterbach.com>
bcbf86ec 5760 - Prevent typedefs from being compiled more than once. Report from
a6ddc88b 5761 Marc G. Fournier <marc.fournier@acadiau.ca>
4811cc0b 5762 - Fill in ut_utaddr utmp field. Report from Benjamin Charron
5763 <iretd@bigfoot.com>
bcbf86ec 5764 - Really fix broken default path. Fix from Jim Knoble
986a22ec 5765 <jmknoble@jmknoble.cx>
ae3a3d31 5766 - Remove test for quad_t. No longer needed.
76a8e733 5767 - Released 1.2.1pre24
5768
5769 - Added support for directory-based lastlogs
5770 - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
76b8607f 5771
13f825f4 577219991230
5773 - OpenBSD CVS updates:
5774 - [auth-passwd.c]
5775 check for NULL 1st
bcbf86ec 5776 - Removed most of the pam code into its own file auth-pam.[ch]. This
a5c9cd31 5777 cleaned up sshd.c up significantly.
bcbf86ec 5778 - PAM authentication was incorrectly interpreting
76b8607f 5779 "PermitRootLogin without-password". Report from Matthias Andree
5780 <ma@dt.e-technik.uni-dortmund.de
a5c9cd31 5781 - Several other cleanups
0bc5b6fb 5782 - Merged Dante SOCKS support patch from David Rankin
5783 <drankin@bohemians.lexington.ky.us>
5784 - Updated documentation with ./configure options
76b8607f 5785 - Released 1.2.1pre23
13f825f4 5786
c73a0cb5 578719991229
bcbf86ec 5788 - Applied another NetBSD portability patch from David Rankin
c73a0cb5 5789 <drankin@bohemians.lexington.ky.us>
5790 - Fix --with-default-path option.
bcbf86ec 5791 - Autodetect perl, patch from David Rankin
a0f84251 5792 <drankin@bohemians.lexington.ky.us>
bcbf86ec 5793 - Print whether OpenSSH was compiled with RSARef, patch from
0a2ff95d 5794 Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
bcbf86ec 5795 - Calls to pam_setcred, patch from Nalin Dahyabhai
f91bacbd 5796 <nalin@thermo.stat.ncsu.edu>
e3a93db0 5797 - Detect missing size_t and typedef it.
5ab44a92 5798 - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
5799 - Minor Makefile cleaning
c73a0cb5 5800
b6019d68 580119991228
5802 - Replacement for getpagesize() for systems which lack it
bcbf86ec 5803 - NetBSD login.c compile fix from David Rankin
70e0115b 5804 <drankin@bohemians.lexington.ky.us>
5805 - Fully set ut_tv if present in utmp or utmpx
d94aa2ae 5806 - Portability fixes for Irix 5.3 (now compiles OK!)
5807 - autoconf and other misc cleanups
ea1970a3 5808 - Merged AIX patch from Darren Hall <dhall@virage.org>
5809 - Cleaned up defines.h
fa9a2dd6 5810 - Released 1.2.1pre22
b6019d68 5811
d2dcff5f 581219991227
5813 - Automatically correct paths in manpages and configuration files. Patch
5814 and script from Andre Lucas <andre.lucas@dial.pipex.com>
5815 - Removed credits from README to CREDITS file, updated.
cb807f40 5816 - Added --with-default-path to specify custom path for server
5817 - Removed #ifdef trickery from acconfig.h into defines.h
36a5b38e 5818 - PAM bugfix. PermitEmptyPassword was being ignored.
5819 - Fixed PAM config files to allow empty passwords if server does.
5820 - Explained spurious PAM auth warning workaround in UPGRADING
21feb5fa 5821 - Use last few chars of tty line as ut_id
5a7794be 5822 - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
00e6dd70 5823 - OpenBSD CVS updates:
5824 - [packet.h auth-rhosts.c]
5825 check format string for packet_disconnect and packet_send_debug, too
5826 - [channels.c]
5827 use packet_get_maxsize for channels. consistence.
d2dcff5f 5828
f74efc8d 582919991226
5830 - Enabled utmpx support by default for Solaris
5831 - Cleanup sshd.c PAM a little more
986a22ec 5832 - Revised RPM package to include Jim Knoble's <jmknoble@jmknoble.cx>
bc7ea646 5833 X11 ssh-askpass program.
20c43d8c 5834 - Disable logging of PAM success and failures, PAM is verbose enough.
bcbf86ec 5835 Unfortunatly there is currently no way to disable auth failure
5836 messages. Mention this in UPGRADING file and sent message to PAM
20c43d8c 5837 developers
83b7f649 5838 - OpenBSD CVS update:
5839 - [ssh-keygen.1 ssh.1]
bcbf86ec 5840 remove ref to .ssh/random_seed, mention .ssh/environment in
83b7f649 5841 .Sh FILES, too
72251cb6 5842 - Released 1.2.1pre21
bcbf86ec 5843 - Fixed implicit '.' in default path, report from Jim Knoble
986a22ec 5844 <jmknoble@jmknoble.cx>
5845 - Redhat RPM spec fixes from Jim Knoble <jmknoble@jmknoble.cx>
f74efc8d 5846
f498ed15 584719991225
5848 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
5849 - Cleanup of auth-passwd.c for shadow and MD5 passwords
5850 - Cleanup and bugfix of PAM authentication code
f74efc8d 5851 - Released 1.2.1pre20
5852
5853 - Merged fixes from Ben Taylor <bent@clark.net>
5854 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
5855 - Disabled logging of PAM password authentication failures when password
5856 is empty. (e.g start of authentication loop). Reported by Naz
5857 <96na@eng.cam.ac.uk>)
f498ed15 5858
585919991223
bcbf86ec 5860 - Merged later HPUX patch from Andre Lucas
f498ed15 5861 <andre.lucas@dial.pipex.com>
5862 - Above patch included better utmpx support from Ben Taylor
f74efc8d 5863 <bent@clark.net>
f498ed15 5864
eef6f7e9 586519991222
bcbf86ec 5866 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
eef6f7e9 5867 <pope@netguide.dk>
ae28776a 5868 - Fix login.c breakage on systems which lack ut_host in struct
5869 utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
eef6f7e9 5870
a7effaac 587119991221
bcbf86ec 5872 - Integration of large HPUX patch from Andre Lucas
5873 <andre.lucas@dial.pipex.com>. Integrating it had a few other
a7effaac 5874 benefits:
5875 - Ability to disable shadow passwords at configure time
5876 - Ability to disable lastlog support at configure time
5877 - Support for IP address in $DISPLAY
ae2f7af7 5878 - OpenBSD CVS update:
5879 - [sshconnect.c]
5880 say "REMOTE HOST IDENTIFICATION HAS CHANGED"
59dd7a31 5881 - Fix DISABLE_SHADOW support
5882 - Allow MD5 passwords even if shadow passwords are disabled
16034de9 5883 - Release 1.2.1pre19
a7effaac 5884
3f1d9bcd 588519991218
bcbf86ec 5886 - Redhat init script patch from Chun-Chung Chen
3f1d9bcd 5887 <cjj@u.washington.edu>
7e1c2490 5888 - Avoid breakage on systems without IPv6 headers
3f1d9bcd 5889
60d804c8 589019991216
bcbf86ec 5891 - Makefile changes for Solaris from Peter Kocks
60d804c8 5892 <peter.kocks@baygate.com>
89cafde6 5893 - Minor updates to docs
5894 - Merged OpenBSD CVS changes:
5895 - [authfd.c ssh-agent.c]
5896 keysize warnings talk about identity files
5897 - [packet.c]
5898 "Connection closed by x.x.x.x": fatal() -> log()
bcbf86ec 5899 - Correctly handle empty passwords in shadow file. Patch from:
c9d323f0 5900 "Chris, the Young One" <cky@pobox.com>
5901 - Released 1.2.1pre18
60d804c8 5902
7dc6fc6d 590319991215
5904 - Integrated patchs from Juergen Keil <jk@tools.de>
5905 - Avoid void* pointer arithmatic
5906 - Use LDFLAGS correctly
68227e6d 5907 - Fix SIGIO error in scp
5908 - Simplify status line printing in scp
61e96248 5909 - Added better test for inline functions compiler support from
906a2515 5910 Darren_Hall@progressive.com
7dc6fc6d 5911
95f1eccc 591219991214
5913 - OpenBSD CVS Changes
5914 - [canohost.c]
bcbf86ec 5915 fix get_remote_port() and friends for sshd -i;
95f1eccc 5916 Holger.Trapp@Informatik.TU-Chemnitz.DE
5917 - [mpaux.c]
5918 make code simpler. no need for memcpy. niels@ ok
5919 - [pty.c]
5920 namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
5921 fix proto; markus
5922 - [ssh.1]
5923 typo; mark.baushke@solipsa.com
5924 - [channels.c ssh.c ssh.h sshd.c]
5925 type conflict for 'extern Type *options' in channels.c; dot@dotat.at
5926 - [sshconnect.c]
5927 move checking of hostkey into own function.
5928 - [version.h]
5929 OpenSSH-1.2.1
884bcb37 5930 - Clean up broken includes in pty.c
7303768f 5931 - Some older systems don't have poll.h, they use sys/poll.h instead
5932 - Doc updates
95f1eccc 5933
847e8865 593419991211
bcbf86ec 5935 - Fix compilation on systems with AFS. Reported by
847e8865 5936 aloomis@glue.umd.edu
bcbf86ec 5937 - Fix installation on Solaris. Reported by
847e8865 5938 Gordon Rowell <gordonr@gormand.com.au>
5939 - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
5940 patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
5941 - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
5942 - Compile fix from David Agraz <dagraz@jahoopa.com>
5943 - Avoid compiler warning in bsd-snprintf.c
bcbf86ec 5944 - Added pam_limits.so to default PAM config. Suggested by
986a22ec 5945 Jim Knoble <jmknoble@jmknoble.cx>
847e8865 5946
8946db53 594719991209
5948 - Import of patch from Ben Taylor <bent@clark.net>:
5949 - Improved PAM support
5950 - "uninstall" rule for Makefile
5951 - utmpx support
5952 - Should fix PAM problems on Solaris
2d86a6cc 5953 - OpenBSD CVS updates:
5954 - [readpass.c]
5955 avoid stdio; based on work by markus, millert, and I
5956 - [sshd.c]
5957 make sure the client selects a supported cipher
5958 - [sshd.c]
bcbf86ec 5959 fix sighup handling. accept would just restart and daemon handled
5960 sighup only after the next connection was accepted. use poll on
2d86a6cc 5961 listen sock now.
5962 - [sshd.c]
5963 make that a fatal
87e91331 5964 - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
5965 to fix libwrap support on NetBSD
5001b9e4 5966 - Released 1.2pre17
8946db53 5967
6d8c4ea4 596819991208
bcbf86ec 5969 - Compile fix for Solaris with /dev/ptmx from
6d8c4ea4 5970 David Agraz <dagraz@jahoopa.com>
5971
4285816a 597219991207
986a22ec 5973 - sshd Redhat init script patch from Jim Knoble <jmknoble@jmknoble.cx>
4285816a 5974 fixes compatability with 4.x and 5.x
db28aeb5 5975 - Fixed default SSH_ASKPASS
bcbf86ec 5976 - Fix PAM account and session being called multiple times. Problem
d465f2ca 5977 reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
a408af76 5978 - Merged more OpenBSD changes:
5979 - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
bcbf86ec 5980 move atomicio into it's own file. wrap all socket write()s which
a408af76 5981 were doing write(sock, buf, len) != len, with atomicio() calls.
5982 - [auth-skey.c]
5983 fd leak
5984 - [authfile.c]
5985 properly name fd variable
5986 - [channels.c]
5987 display great hatred towards strcpy
5988 - [pty.c pty.h sshd.c]
5989 use openpty() if it exists (it does on BSD4_4)
5990 - [tildexpand.c]
5991 check for ~ expansion past MAXPATHLEN
5992 - Modified helper.c to use new atomicio function.
5993 - Reformat Makefile a little
5994 - Moved RC4 routines from rc4.[ch] into helper.c
5995 - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
9983a8ca 5996 - Updated SuSE spec from Chris Saia <csaia@wtower.com>
5997 - Tweaked Redhat spec
9158d92f 5998 - Clean up bad imports of a few files (forgot -kb)
5999 - Released 1.2pre16
4285816a 6000
9c7b6dfd 600119991204
6002 - Small cleanup of PAM code in sshd.c
57112b5a 6003 - Merged OpenBSD CVS changes:
6004 - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
6005 move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
6006 - [auth-rsa.c]
6007 warn only about mismatch if key is _used_
6008 warn about keysize-mismatch with log() not error()
6009 channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
6010 ports are u_short
6011 - [hostfile.c]
6012 indent, shorter warning
6013 - [nchan.c]
6014 use error() for internal errors
6015 - [packet.c]
6016 set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
6017 serverloop.c
6018 indent
6019 - [ssh-add.1 ssh-add.c ssh.h]
6020 document $SSH_ASKPASS, reasonable default
6021 - [ssh.1]
6022 CheckHostIP is not available for connects via proxy command
6023 - [sshconnect.c]
6024 typo
6025 easier to read client code for passwd and skey auth
6026 turn of checkhostip for proxy connects, since we don't know the remote ip
9c7b6dfd 6027
dad3b556 602819991126
6029 - Add definition for __P()
6030 - Added [v]snprintf() replacement for systems that lack it
6031
0ce43ae4 603219991125
6033 - More reformatting merged from OpenBSD CVS
6034 - Merged OpenBSD CVS changes:
6035 - [channels.c]
6036 fix packet_integrity_check() for !have_hostname_in_open.
6037 report from mrwizard@psu.edu via djm@ibs.com.au
6038 - [channels.c]
6039 set SO_REUSEADDR and SO_LINGER for forwarded ports.
6040 chip@valinux.com via damien@ibs.com.au
6041 - [nchan.c]
6042 it's not an error() if shutdown_write failes in nchan.
6043 - [readconf.c]
6044 remove dead #ifdef-0-code
6045 - [readconf.c servconf.c]
6046 strcasecmp instead of tolower
6047 - [scp.c]
6048 progress meter overflow fix from damien@ibs.com.au
6049 - [ssh-add.1 ssh-add.c]
6050 SSH_ASKPASS support
6051 - [ssh.1 ssh.c]
6052 postpone fork_after_authentication until command execution,
6053 request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
6054 plus: use daemon() for backgrounding
cf8dd513 6055 - Added BSD compatible install program and autoconf test, thanks to
6056 Niels Kristian Bech Jensen <nkbj@image.dk>
6057 - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
09041313 6058 - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
3dbefdb8 6059 - Release 1.2pre15
0ce43ae4 6060
5260325f 606119991124
6062 - Merged very large OpenBSD source code reformat
6063 - OpenBSD CVS updates
6064 - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
6065 [ssh.h sshd.8 sshd.c]
6066 syslog changes:
6067 * Unified Logmessage for all auth-types, for success and for failed
6068 * Standard connections get only ONE line in the LOG when level==LOG:
6069 Auth-attempts are logged only, if authentication is:
6070 a) successfull or
6071 b) with passwd or
6072 c) we had more than AUTH_FAIL_LOG failues
6073 * many log() became verbose()
6074 * old behaviour with level=VERBOSE
6075 - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
6076 tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
6077 messages. allows use of s/key in windows (ttssh, securecrt) and
6078 ssh-1.2.27 clients without 'ssh -v', ok: niels@
6079 - [sshd.8]
6080 -V, for fallback to openssh in SSH2 compatibility mode
6081 - [sshd.c]
6082 fix sigchld race; cjc5@po.cwru.edu
6083
4655fe80 608419991123
6085 - Added SuSE package files from Chris Saia <csaia@wtower.com>
8b241e50 6086 - Restructured package-related files under packages/*
4655fe80 6087 - Added generic PAM config
8b241e50 6088 - Numerous little Solaris fixes
9c08d6ce 6089 - Add recommendation to use GNU make to INSTALL document
4655fe80 6090
60bed5fd 609119991122
6092 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
2f2cc3f9 6093 - OpenBSD CVS Changes
bcbf86ec 6094 - [ssh-keygen.c]
6095 don't create ~/.ssh only if the user wants to store the private
6096 key there. show fingerprint instead of public-key after
2f2cc3f9 6097 keygeneration. ok niels@
b09a984b 6098 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
96ad4350 6099 - Added timersub() macro
b09a984b 6100 - Tidy RCSIDs of bsd-*.c
bcbf86ec 6101 - Added autoconf test and macro to deal with old PAM libraries
96ad4350 6102 pam_strerror definition (one arg vs two).
530f1889 6103 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
bcbf86ec 6104 - Retry /dev/urandom reads interrupted by signal (report from
530f1889 6105 Robert Hardy <rhardy@webcon.net>)
1647c2b5 6106 - Added a setenv replacement for systems which lack it
d84a9a44 6107 - Only display public key comment when presenting ssh-askpass dialog
6108 - Released 1.2pre14
60bed5fd 6109
bcbf86ec 6110 - Configure, Make and changelog corrections from Tudor Bosman
2ddcfdf3 6111 <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
6112
9d6b7add 611319991121
2f2cc3f9 6114 - OpenBSD CVS Changes:
60bed5fd 6115 - [channels.c]
6116 make this compile, bad markus
6117 - [log.c readconf.c servconf.c ssh.h]
6118 bugfix: loglevels are per host in clientconfig,
6119 factor out common log-level parsing code.
6120 - [servconf.c]
6121 remove unused index (-Wall)
6122 - [ssh-agent.c]
6123 only one 'extern char *__progname'
6124 - [sshd.8]
6125 document SIGHUP, -Q to synopsis
6126 - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
6127 [channels.c clientloop.c]
6128 SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
6129 [hope this time my ISP stays alive during commit]
6130 - [OVERVIEW README] typos; green@freebsd
6131 - [ssh-keygen.c]
6132 replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
6133 exit if writing the key fails (no infinit loop)
6134 print usage() everytime we get bad options
6135 - [ssh-keygen.c] overflow, djm@mindrot.org
6136 - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
61e96248 6137
2b942fe0 613819991120
bcbf86ec 6139 - Merged more Solaris support from Marc G. Fournier
2b942fe0 6140 <marc.fournier@acadiau.ca>
6141 - Wrote autoconf tests for integer bit-types
6142 - Fixed enabling kerberos support
bcbf86ec 6143 - Fix segfault in ssh-keygen caused by buffer overrun in filename
13c36c4c 6144 handling.
2b942fe0 6145
06479889 614619991119
6147 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
2ad77510 6148 - Merged OpenBSD CVS changes
6149 - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
6150 more %d vs. %s in fmt-strings
6151 - [authfd.c]
6152 Integers should not be printed with %s
7b1cc56c 6153 - EGD uses a socket, not a named pipe. Duh.
6154 - Fix includes in fingerprint.c
29dbde15 6155 - Fix scp progress bar bug again.
bcbf86ec 6156 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
736890c4 6157 David Rankin <drankin@bohemians.lexington.ky.us>
91b8065d 6158 - Added autoconf option to enable Kerberos 4 support (untested)
6159 - Added autoconf option to enable AFS support (untested)
6160 - Added autoconf option to enable S/Key support (untested)
6161 - Added autoconf option to enable TCP wrappers support (compiles OK)
beb43d31 6162 - Renamed BSD helper function files to bsd-*
bcbf86ec 6163 - Added tests for login and daemon and enable OpenBSD replacements for
caf3bc51 6164 when they are absent.
6165 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
06479889 6166
2bd61362 616719991118
6168 - Merged OpenBSD CVS changes
6169 - [scp.c] foregroundproc() in scp
6170 - [sshconnect.h] include fingerprint.h
bcbf86ec 6171 - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
2bd61362 6172 changes.
0c16a097 6173 - [ssh.1] Spell my name right.
2bd61362 6174 - Added openssh.com info to README
6175
f095fcc7 617619991117
6177 - Merged OpenBSD CVS changes
6178 - [ChangeLog.Ylonen] noone needs this anymore
6179 - [authfd.c] close-on-exec for auth-socket, ok deraadt
bcbf86ec 6180 - [hostfile.c]
6181 in known_hosts key lookup the entry for the bits does not need
6182 to match, all the information is contained in n and e. This
6183 solves the problem with buggy servers announcing the wrong
f095fcc7 6184 modulus length. markus and me.
bcbf86ec 6185 - [serverloop.c]
6186 bugfix: check for space if child has terminated, from:
f095fcc7 6187 iedowse@maths.tcd.ie
6188 - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
6189 [fingerprint.c fingerprint.h]
6190 rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
6191 - [ssh-agent.1] typo
6192 - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
bcbf86ec 6193 - [sshd.c]
f095fcc7 6194 force logging to stderr while loading private key file
6195 (lost while converting to new log-levels)
6196
4d195447 619719991116
6198 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
6199 - Merged OpenBSD CVS changes:
6200 - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
6201 [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
6202 the keysize of rsa-parameter 'n' is passed implizit,
6203 a few more checks and warnings about 'pretended' keysizes.
6204 - [cipher.c cipher.h packet.c packet.h sshd.c]
6205 remove support for cipher RC4
6206 - [ssh.c]
6207 a note for legay systems about secuity issues with permanently_set_uid(),
6208 the private hostkey and ptrace()
6209 - [sshconnect.c]
6210 more detailed messages about adding and checking hostkeys
6211
dad9a31e 621219991115
6213 - Merged OpenBSD CVS changes:
bcbf86ec 6214 - [ssh-add.c] change passphrase loop logic and remove ref to
dad9a31e 6215 $DISPLAY, ok niels
6216 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
bcbf86ec 6217 modular.
dad9a31e 6218 - Revised autoconf support for enabling/disabling askpass support.
e7c0f9d5 6219 - Merged more OpenBSD CVS changes:
704b1659 6220 [auth-krb4.c]
6221 - disconnect if getpeername() fails
6222 - missing xfree(*client)
6223 [canohost.c]
6224 - disconnect if getpeername() fails
6225 - fix comment: we _do_ disconnect if ip-options are set
6226 [sshd.c]
6227 - disconnect if getpeername() fails
6228 - move checking of remote port to central place
6229 [auth-rhosts.c] move checking of remote port to central place
6230 [log-server.c] avoid extra fd per sshd, from millert@
6231 [readconf.c] print _all_ bad config-options in ssh(1), too
6232 [readconf.h] print _all_ bad config-options in ssh(1), too
6233 [ssh.c] print _all_ bad config-options in ssh(1), too
6234 [sshconnect.c] disconnect if getpeername() fails
e7c0f9d5 6235 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
c75a1a66 6236 - Various small cleanups to bring diff (against OpenBSD) size down.
f601d847 6237 - Merged more Solaris compability from Marc G. Fournier
6238 <marc.fournier@acadiau.ca>
6239 - Wrote autoconf tests for __progname symbol
986a22ec 6240 - RPM spec file fixes from Jim Knoble <jmknoble@jmknoble.cx>
0c372277 6241 - Released 1.2pre12
6242
6243 - Another OpenBSD CVS update:
6244 - [ssh-keygen.1] fix .Xr
dad9a31e 6245
92da7197 624619991114
6247 - Solaris compilation fixes (still imcomplete)
6248
94f7bb9e 624919991113
dd092f97 6250 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
6251 - Don't install config files if they already exist
6252 - Fix inclusion of additional preprocessor directives from acconfig.h
94f7bb9e 6253 - Removed redundant inclusions of config.h
e9c75a39 6254 - Added 'Obsoletes' lines to RPM spec file
94f7bb9e 6255 - Merged OpenBSD CVS changes:
6256 - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
bcbf86ec 6257 - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
94f7bb9e 6258 totalsize, ok niels,aaron
bcbf86ec 6259 - Delay fork (-f option) in ssh until after port forwarded connections
94f7bb9e 6260 have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
b2344d54 6261 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
6262 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
dd092f97 6263 - Tidied default config file some more
6264 - Revised Redhat initscript to fix bug: sshd (re)start would fail
6265 if executed from inside a ssh login.
94f7bb9e 6266
e35c1dc2 626719991112
6268 - Merged changes from OpenBSD CVS
6269 - [sshd.c] session_key_int may be zero
b4748e2f 6270 - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
bcbf86ec 6271 IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
b4748e2f 6272 deraadt,millert
6273 - Brought default sshd_config more in line with OpenBSD's
547c9f30 6274 - Grab server in gnome-ssh-askpass (Debian bug #49872)
6275 - Released 1.2pre10
e35c1dc2 6276
8bc7973f 6277 - Added INSTALL documentation
6fa724bc 6278 - Merged yet more changes from OpenBSD CVS
6279 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
6280 [ssh.c ssh.h sshconnect.c sshd.c]
6281 make all access to options via 'extern Options options'
6282 and 'extern ServerOptions options' respectively;
6283 options are no longer passed as arguments:
6284 * make options handling more consistent
6285 * remove #include "readconf.h" from ssh.h
6286 * readconf.h is only included if necessary
6287 - [mpaux.c] clear temp buffer
6288 - [servconf.c] print _all_ bad options found in configfile
045672f9 6289 - Make ssh-askpass support optional through autoconf
59b0f0d4 6290 - Fix nasty division-by-zero error in scp.c
6291 - Released 1.2pre11
8bc7973f 6292
4cca272e 629319991111
6294 - Added (untested) Entropy Gathering Daemon (EGD) support
67d68e3a 6295 - Fixed /dev/urandom fd leak (Debian bug #49722)
5bbb5681 6296 - Merged OpenBSD CVS changes:
6297 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
6298 - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
6299 - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
bcbf86ec 6300 - Fix integer overflow which was messing up scp's progress bar for large
3f1d9bcd 6301 file transfers. Fix submitted to OpenBSD developers. Report and fix
6302 from Kees Cook <cook@cpoint.net>
6a17f9c2 6303 - Merged more OpenBSD CVS changes:
bcbf86ec 6304 - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
6a17f9c2 6305 + krb-cleanup cleanup
6306 - [clientloop.c log-client.c log-server.c ]
6307 [readconf.c readconf.h servconf.c servconf.h ]
6308 [ssh.1 ssh.c ssh.h sshd.8]
6309 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
6310 obsoletes QuietMode and FascistLogging in sshd.
e35c1dc2 6311 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
6312 allow session_key_int != sizeof(session_key)
6313 [this should fix the pre-assert-removal-core-files]
6314 - Updated default config file to use new LogLevel option and to improve
6315 readability
6316
f370266e 631719991110
67d68e3a 6318 - Merged several minor fixes:
f370266e 6319 - ssh-agent commandline parsing
6320 - RPM spec file now installs ssh setuid root
6321 - Makefile creates libdir
4cca272e 6322 - Merged beginnings of Solaris compability from Marc G. Fournier
6323 <marc.fournier@acadiau.ca>
f370266e 6324
d4f11b59 632519991109
6326 - Autodetection of SSL/Crypto library location via autoconf
6327 - Fixed location of ssh-askpass to follow autoconf
6328 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
6329 - Autodetection of RSAref library for US users
6330 - Minor doc updates
560557bb 6331 - Merged OpenBSD CVS changes:
6332 - [rsa.c] bugfix: use correct size for memset()
6333 - [sshconnect.c] warn if announced size of modulus 'n' != real size
f025becb 6334 - Added GNOME passphrase requestor (use --with-gnome-askpass)
d397b172 6335 - RPM build now creates subpackages
aa51e7cc 6336 - Released 1.2pre9
d4f11b59 6337
e1a9c08d 633819991108
6339 - Removed debian/ directory. This is now being maintained separately.
6340 - Added symlinks for slogin in RPM spec file
6341 - Fixed permissions on manpages in RPM spec file
6342 - Added references to required libraries in README file
6343 - Removed config.h.in from CVS
6344 - Removed pwdb support (better pluggable auth is provided by glibc)
6345 - Made PAM and requisite libdl optional
6346 - Removed lots of unnecessary checks from autoconf
6347 - Added support and autoconf test for openpty() function (Unix98 pty support)
6348 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
6349 - Added TODO file
6350 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
6351 - Added ssh-askpass program
6352 - Added ssh-askpass support to ssh-add.c
6353 - Create symlinks for slogin on install
6354 - Fix "distclean" target in makefile
6355 - Added example for ssh-agent to manpage
6356 - Added support for PAM_TEXT_INFO messages
6357 - Disable internal /etc/nologin support if PAM enabled
6358 - Merged latest OpenBSD CVS changes:
5bae4ab8 6359 - [all] replace assert() with error, fatal or packet_disconnect
e1a9c08d 6360 - [sshd.c] don't send fail-msg but disconnect if too many authentication
6361 failures
e1a9c08d 6362 - [sshd.c] remove unused argument. ok dugsong
6363 - [sshd.c] typo
6364 - [rsa.c] clear buffers used for encryption. ok: niels
6365 - [rsa.c] replace assert() with error, fatal or packet_disconnect
ade6fccd 6366 - [auth-krb4.c] remove unused argument. ok dugsong
e1a9c08d 6367 - Fixed coredump after merge of OpenBSD rsa.c patch
9010d60a 6368 - Released 1.2pre8
e1a9c08d 6369
3028328e 637019991102
6371 - Merged change from OpenBSD CVS
6372 - One-line cleanup in sshd.c
6373
474832c5 637419991030
6375 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
69256d9d 6376 - Merged latest updates for OpenBSD CVS:
6377 - channels.[ch] - remove broken x11 fix and document istate/ostate
6378 - ssh-agent.c - call setsid() regardless of argv[]
6379 - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
6380 - Documentation cleanups
6381 - Renamed README -> README.Ylonen
6382 - Renamed README.openssh ->README
474832c5 6383
339660f6 638419991029
6385 - Renamed openssh* back to ssh* at request of Theo de Raadt
6386 - Incorporated latest changes from OpenBSD's CVS
6387 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
6388 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
549b3eed 6389 - Make distclean now removed configure script
6390 - Improved PAM logging
6391 - Added some debug() calls for PAM
4ecd19ea 6392 - Removed redundant subdirectories
bcbf86ec 6393 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
4ecd19ea 6394 building on Debian.
242588e6 6395 - Fixed off-by-one error in PAM env patch
6396 - Released 1.2pre6
339660f6 6397
5881cd60 639819991028
6399 - Further PAM enhancements.
6400 - Much cleaner
6401 - Now uses account and session modules for all logins.
6402 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
6403 - Build fixes
6404 - Autoconf
6405 - Change binary names to open*
6406 - Fixed autoconf script to detect PAM on RH6.1
6407 - Added tests for libpwdb, and OpenBSD functions to autoconf
221395b3 6408 - Released 1.2pre4
fca82d2e 6409
6410 - Imported latest OpenBSD CVS code
6411 - Updated README.openssh
93f04616 6412 - Released 1.2pre5
fca82d2e 6413
5881cd60 641419991027
6415 - Adapted PAM patch.
6416 - Released 1.0pre2
6417
6418 - Excised my buggy replacements for strlcpy and mkdtemp
6419 - Imported correct OpenBSD strlcpy and mkdtemp routines.
6420 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
6421 - Picked up correct version number from OpenBSD
6422 - Added sshd.pam PAM configuration file
6423 - Added sshd.init Redhat init script
6424 - Added openssh.spec RPM spec file
6425 - Released 1.2pre3
6426
642719991026
6428 - Fixed include paths of OpenSSL functions
6429 - Use OpenSSL MD5 routines
6430 - Imported RC4 code from nanocrypt
6431 - Wrote replacements for OpenBSD arc4random* functions
6432 - Wrote replacements for strlcpy and mkdtemp
6433 - Released 1.0pre1
0b202697 6434
6435$Id$
git-cvsimport mirror of OpenSSH
This page took 1.545977 seconds and 5 git commands to generate.